[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
this appeared on libreoffice 6.4.6.2 on linux mint 20 (1:6.4.6-0ubuntu0.20.04.1): Feb 3 12:30:34 dinar-HP-Pavilion-g7-Notebook-PC kernel: [79901.149664] audit: type=1400 audit(1612344634.103:584): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/zoneinfo-icu/44/le/zoneinfo64.res" pid=43909 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 3 12:30:34 dinar-HP-Pavilion-g7-Notebook-PC kernel: [79901.149678] audit: type=1400 audit(1612344634.103:585): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/zoneinfo-icu/44/le/timezoneTypes.res" pid=43909 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
and Feb 3 18:05:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [83143.894148] audit: type=1400 audit(1612364711.925:597): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/proc/version" pid=45709 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
i modified it to this: owner @{libo_user_dirs}/{,**/}lu??*.tmp rwk, #Temporary file used when saving and reloaded profile with this sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin and the messages (of the last type) disappeared. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
messages when opening a file: several lines of type Jul 8 09:28:31 dinar-comp kernel: [436272.154664] audit: type=1400 audit(1594189711.176:1784): apparmor="ALLOWED" operation="open" profile ="libreoffice-soffice" name= pid=194987 comm="pool-soffice" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 with file names in /home/dinar/Загрузки/ with different extensions, which are not allowed for libreoffice. is it possible to hide this messages with audit deny? messages when saving a file: Jul 8 09:29:25 dinar-comp kernel: [436326.363734] audit: type=1400 audit(1594189765.369:1806): apparmor="ALLOWED" operation="mknod" profile="libreoffice-soffice" name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70 pid=194987 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 Jul 8 09:29:25 dinar-comp kernel: [436326.363772] audit: type=1400 audit(1594189765.369:1807): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70 pid=194987 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 Jul 8 09:29:25 dinar-comp kernel: [436326.364023] audit: type=1400 audit(1594189765.369:1808): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70 pid=194987 comm="soffice.bin" : the code decoded is /home/dinar/Загрузки/lu194987czdv6h.tmp there is this corresponding rule in /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin : owner @{libo_user_dirs}/{,**/}lu??{,?}.tmp rwk, #Temporary file used when saving with man apparmor.d i see: {ab,cd} will expand to one rule to match ab, one rule to match cd so, the rule allows only 10 or 11 chars after lu, before dot, but there is 12. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
i think that that means that apparmor profile lags behind libreoffice and should be updated. if it is by design, than there could be comments about that, and it is possible to remove the logs by "deny" keywords. that messages are bad because they use space in syslog making it harder to read, and they appear on desktop if aa-notify is used. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
I understand the issue with cert8.db and key3.db being used (#1862331) but I don't see what the problem is with the other apparmor messages you see in journalctl. Can you please make clear what the problem with these messages are? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp