Bug#959399: Bug#1113713: libreoffice: LibreOffice fails to start on Trixie when AppArmor is active

Sat, 18 Oct 2025 11:10:21 -0700 

Dear maintainer,

I believe I'm running into the same issue. 
In `/etc/apparmor.d/tunables/home.d/site.local` I have `@{HOMEDIRS}+=/homes/` 
(This is a historical artefact, but I'm very much stuck with it).
The result is that `service apparmor reload` fails, because of the profile in 
`/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin`. In isolation this 
can be shown with `apparmor_parser --replace -Qv 
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin`, which would eat a CPU 
and chug along for a minute or two before failing with `Too many states (98514) 
for type state_t`.
Truncating the profile resolves these symptoms, and will be my workaround for 
the time being. 

Kind regards,
Peter Kroon

On Fri, 12 Sep 2025 12:27:34 +0200 Michael Hierweck <[email protected]> wrote:
> Hi,
> 
> After installing the recent Upgrade (13.0 -> 13.1) my workaround (empty 
> /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin) refuses to work.
> 
> I cleanedup the configuration again:
> 
> # rm $(cat /var/lib/dpkg/info/libreoffice-common.conffiles)
> # dpkg -i --force-confmiss 
> /var/cache/apt/archives/libreoffice-common_4%3a25.2.3-2+deb13u2_all.deb
> 
> This makes apparmor_parer run forever while the package is configured.
> 
> # rm $(cat /var/lib/dpkg/info/libreoffice-common.conffiles)
> # touch /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
> # dpkg -i --force-confmiss 
> /var/cache/apt/archives/libreoffice-common_4%3a25.2.3-2+deb13u2_all.deb
> 
> This solve the issue mentioned above but libreoffice refuses to start.
> 
> Message: "ERROR 4 forking process"
> Caused by: /usr/lib/libreoffice/program/oosplash
> 
> I still wonder why this is related to AppArmor because oosplash is in 
> complain mode only.
> 
> # aa-status |egrep "^[0-9]|libre|oosplash|soffice"
> 176 profiles are loaded.
> 54 profiles are in enforce mode.
>     libreoffice-senddoc
>     libreoffice-xpdfimport
> 46 profiles are in complain mode.
>     libreoffice-oosplash
> 0 profiles are in prompt mode.
> 0 profiles are in kill mode.
> 76 profiles are in unconfined mode.
> 35 processes have profiles defined.
> 7 processes are in enforce mode.
> 5 processes are in complain mode.
> 0 processes are in prompt mode.
> 0 processes are in kill mode.
> 23 processes are unconfined but have a profile defined.
> 0 processes are in mixed mode.
> 
> Regards,
> 
> Michael
> 
>

Reply via email to