I don't know all that much about configuring AppArmor, but for what it's
worth for me on Linux Mint Sylvia 18.3 (still supported, although older
than your Tara 19.0) using the LibreOffice PPA for its newer versions of
LibreOffice (currently 6.2.8)...
Gys wrote:
Hi,
in my Linux Mint Tara aa-status lists 3 profiles related to LibreOffice :
libreoffice-xpdfimport (enforce)
libreoffice-senddoc (enforce)
libreoffice-oopslash (complain)
I have:
libreoffice-senddoc (enforce)
libreoffice-soffice//gpg (enforce)
libreoffice-xpdfimport (enforce)
libreoffice-oopslash (complain)
libreoffice-soffice (complain)
In the kernel log libreoffice-oopslash is complaining about a lot of
things.
Looking at my logs from the last week, I see a few "audit" messages
relating to libreoffice-soffice and libreoffice-oopslash. Looks like a
cluster of about 10 entries for libreoffice-soffice each time I start
LibreOffice, with a few others for soffice and oopslash in between - but
I don't tend to be using it continuously for hours on end.
Both the program and the profile in Nemo is oosplash
usr/lib/libreoffice/program/oosplash
/etc/apparmor.d/usr.lib.libreoffice.program.oosplash
Search oopslash in / in Nemo gives no results
Questions
1) Is the "p" and "s" reversal a typo ?
As mentioned at the start, I'm no expert on AppArmor, but it does look
suspiciously like a typo. I guess it might only affect the displayed
name of the profile though, since the executable it applies to appears
to be correctly spelled "oosplash":
profile libreoffice-oopslash /usr/lib/libreoffice/program/oosplash
flags=(complain) {...}
2) Why is there no profile for /usr/lib/libreoffice/program/soffice.bin ?
For me the files,
including one for soffice.bin, are provided by the libreoffice-common
package, which I've installed from the PPA. From a quick look at the
.deb packages from libreoffice.org it doesn't look like any of them
contain AppArmor profiles, so I'd guess they're added by the Ubuntu/PPA
package maintainer. Perhaps the PPA maintainer adds a profile for
soffice.bin while the Ubuntu one doesn't.
3) Is there anyone here with a working AppArmor profile for LibreOffice
and would you be so kind to share ?
I've attached the libreoffice-soffice profile installed on my system
(with a .txt extension added - hopefully enough to get it through the
mailing list). No guarantee it will work with your version though. It
does say in comments near the top:
# This profile should enable the average LibreOffice user to get their
# work done while blocking some advanced usage
# ...
so I guess some complaints in "complain" mode may be expected.
4) I looked on-line but could not find an updated AppArmor profile for
LibreOffice or even the profile shipped with Version: 6.0.7.3
Build ID: 1:6.0.7-0ubuntu0.18.04.10 (?)
I've no idea who actually maintains them. From a quick look, it doesn't
look like any of the .deb files downloaded from libreoffice.org contains
AppArmor profiles, so I'm guessing they're added by the Ubuntu/PPA
package maintainer.
--
Mark.
# --
#
#Copyright (C) 2016 Canonical Ltd.
#Copyright (C) 2018 Software in the Public Interest, Inc.
#
#This Source Code Form is subject to the terms of the Mozilla Public
#License, v. 2.0. If a copy of the MPL was not distributed with this
#file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
#Authors: Jonathan Davies
# Bryan Quigley
# Rene Engelhard
#
# --
# This profile should enable the average LibreOffice user to get their
# work done while blocking some advanced usage
# Namely not tested and likely not working : embedded plugins,
# Using the LibreOffice SDK and other development tasks
# Everything else should be working
#Defines all common supported file formats
#Some obscure ones we're excluded (mostly input)
#Generic
#.txt
@{libreoffice_ext} = [tT][xX][tT]
#All the open document format
@{libreoffice_ext} += {,f,F}[oO][dDtT][tTsSpPbBgGfF]
#.xml and xsl
@{libreoffice_ext} += [xX][mMsS][lL]
#.pdf
@{libreoffice_ext} += [pP][dD][fF]
#Unified office format
@{libreoffice_ext} += [uU][oO][fFtTsSpP]
#(x)htm(l)
@{libreoffice_ext} += {,x,X}[hH][tT][mM]{,l,L}
#.epub
@{libreoffice_ext} += [eE][pP][uU][bB]
#.ps (printing to file)
@{libreoffice_ext} += [pP][sS]
#Images
@{libreoffice_ext} += [jJ][pP][gG]
@{libreoffice_ext} += [jJ][pP][eE][gG]
@{libreoffice_ext} += [pP][nN][gG]
@{libreoffice_ext} += [sS][vV][gG]
@{libreoffice_ext} += [sS][vV][gG][zZ]99251
@{libreoffice_ext} += [tT][iI][fF]
@{libreoffice_ext} += [tT][iI][fF][fF]
#Writer
@{libreoffice_ext} += [dD][oO][cCtT]{,x,X}
@{libreoffice_ext} += [rR][tT][fF]
#Calc
@{libreoffice_ext} += [xX][lL][sStT]{,x,X,m,M}
@{libreoffice_ext} += [xX][lL][wW]
#.dif dbf
@{libreoffice_ext} += [dD][iIbB][fF]
#.tsv .csv
