Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-03-09 Thread Vincas Dargis

2021-03-09 20:40, Rene Engelhard wrote:

>> I've looked at the
>> https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/-/commit/03ba395bbe21154efc8a05dfbb9f7c16946eb4d2
>> diff linked in one of the posts and I see 11 question marks, not 9.
> Hmm, indeed. My bad.
>
> That means we need to do some distinction like you suggested? The
> original report just said basically "works if I add another digit", so
> that was what I did :-)


Best would be to find the source code and see how these random paths are actually generated, instead of guessing. If it's really 9-to-11, my solution fits.



>> Complain-by-default is really bad policy, is there a hope to change
>> that (having it without complain mode, but with "disabled" symlink)?
>
> Personal opinion: I actually consider "ship a profile disabled" even
> worse than "complain" since stuff won't even be seen. As of now you see
> ALLOWED in the logs at least.


I disagree, as in my case, you can *lose* confinement (security) "silently" after upgrade (when flags=complain returns), as in this my LibreOffice case. And, for example, the Thunderbird package does upgrade its AppArmor profile, probably because it's allowed to get new upstream Thunderbird versions too, as an exception?


As for visibility, I agree it could be better. For example, maybe `aa-status` could list disabled profiles too. Of course, a profile might be corrupted/buggy/unparsable (and that's why disabled) so care should be taken, but maybe that would help a bit.


ALLOWED is useful, but maybe we who care about AppArmor profiles can just use profiles enforced and report bugs in Sid, as expected. Well, I did, but got silently "complained"...




Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-03-09 Thread Rene Engelhard
Hi,

On 09.03.21 at 19:27, Vincas Dargis wrote:
>>> Changing rule into this:
>>>
>>> owner @{libo_user_dirs}/{,**/}lu?{,?,??}.tmp rwk, #Temporary file used when saving
>>>
>>> Did the trick (needed 9 symbol variant).
>>
>> As was done.
>>
>>
>> If you would actually have read the bug you would have seen that.
>
> I've looked at the
> https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/-/commit/03ba395bbe21154efc8a05dfbb9f7c16946eb4d2
> diff linked in one of the posts and I see 11 question marks, not 9.
>
Hmm, indeed. My bad.

That means we need to do some distinction like you suggested? The
original report just said basically "works if I add another digit", so 
that was what I did :-)


>> No one claimed this was fixed in 7.0.4.
>>
>> 7.0.x is in freeze. (It is in git for 7.0.x though should there ever be
>> an upload,)
>
>
> So this means that's it, profile will be defunct as users will not be
> able to save on Bullseye with profile enabled? :(
>
Jup, unfortunately.

> Complain-by-default is really bad policy, is there a hope to change
> that (having it without complain mode, but with "disabled" symlink)?

Personal opinion: I actually consider "ship a profile disabled" even
worse than "complain" since stuff won't even be seen. As of now you see
ALLOWED in the logs at least.


Regards,


Rene



Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-03-09 Thread Vincas Dargis

2021-03-08 21:51, Rene Engelhard wrote:

> Yes, it is done.
>
> In 7.1. As the version tracking info clearly showed.


Ouch.. I've missed the version number, sorry...


>> Changing rule into this:
>>
>> owner @{libo_user_dirs}/{,**/}lu?{,?,??}.tmp rwk, #Temporary file used when saving
>>
>> Did the trick (needed 9 symbol variant).


> As was done.


> If you would actually have read the bug you would have seen that.


I've looked at the
https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/-/commit/03ba395bbe21154efc8a05dfbb9f7c16946eb4d2
diff linked in one of the posts and I see 11 question marks, not 9.



> No one claimed this was fixed in 7.0.4.
>
> 7.0.x is in freeze. (It is in git for 7.0.x though should there ever be
> an upload,)



So this means that's it, profile will be defunct as users will not be able to
save on Bullseye with profile enabled? :(

I wish I had enabled it before.. I *was* using it in enforce mode some time ago, and even proposed some fixes upstream, but probably forgot to re-enforce after some upgrade.


Complain-by-default is really bad policy, is there a hope to change that (having it without complain mode, but with "disabled" symlink)?




Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-03-08 Thread Rene Engelhard
Hi,

for avoidance of doubt...

On 08.03.21 at 20:51, Rene Engelhard wrote:
>> type=AVC msg=audit(1615225628.771:1363): apparmor="DENIED"
>> operation="mknod" profile="libreoffice-soffice"
>> name="/home/vincas/Dokumentai/lu4638vdjw1.tmp" pid=4638
>> comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000
>> ouid=1000FSUID="vincas" OUID="vincas"
>>
> Just because you enable the profile.

"Set the profile to enforcing" (from complain) I mean.

Regards,

Rene



Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-03-08 Thread Vincas Dargis

Control: reopen -1

I see this bug marked as Done but I just got denial today:

type=AVC msg=audit(1615225628.771:1363): apparmor="DENIED" operation="mknod" profile="libreoffice-soffice" 
name="/home/vincas/Dokumentai/lu4638vdjw1.tmp" pid=4638 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000 
ouid=1000FSUID="vincas" OUID="vincas"


Changing rule into this:

owner @{libo_user_dirs}/{,**/}lu?{,?,??}.tmp rwk, #Temporary file used when saving

Did the trick (needed 9 symbol variant).



Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-02-07 Thread Rene Engelhard
Hi,

On 08.02.21 at 03:15, Paul Wise wrote:

> Tags: patch

No, no patch.

A patch does not mean "add a ?" but, if at all, something like this

$ git diff sysui/desktop/apparmor/program.soffice.bin
diff --git a/sysui/desktop/apparmor/program.soffice.bin
b/sysui/desktop/apparmor/program.soffice.bin
index 42053db2abef..83bd9d11f93c 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -101,7 +101,7 @@ profile libreoffice-soffice
INSTDIR-program/soffice.bin {
   owner @{libo_user_dirs}/**/   rw,  #allow creating
directories that we own
   owner @{libo_user_dirs}/**~lock.* rw,  #lock file support
   owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk,  #Open files rw
with the right exts
-  owner @{libo_user_dirs}/{,**/}lu??{,?}.tmp rwk, #Temporary
file used when saving
+  owner @{libo_user_dirs}/{,**/}lu???{,?}.tmp rwk, #Temporary
file used when saving
   owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings
on KDE
 
   # Settings
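Review bot: the replacement glob `lu???{,?}` (exactly 3 or 4 characters after `lu`) drops the 2-character case that the old `lu??{,?}` still accepted, so any file that previously matched with two characters would start being denied; if the intent is to accept an additional length rather than shift the fixed prefix, extend the alternation instead (`lu??{,?,??}`, as the report proposes). Neither variant as written covers the denied name quoted in the report, `/home/pabs/lu474619vthyvt.tmp` (12 characters after `lu`), so the count should be taken from the names LibreOffice actually generates rather than incremented by one. The diff is also mail-wrapped (the `@@` header and the `#Temporary ... file used when saving` comments are split across lines), so it will not apply with `git apply` as pasted; attach it as a file or send it with `git send-email`.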
(Which is even trivial to do in /etc/apparmor.d if you don't know the
source path. This won't necessarily help since the path is there in the generated file but if
you're lucky and are far away "enough" from the profile path..)


Not removing the patch tag since it now actually has one..

> When I open a document in my home directory in libreoffice I get this:
>
> Feb 08 08:08:48 audit[474619]: AVC apparmor="DENIED" operation="open"
> profile="libreoffice-soffice" name="/home/pabs/lu474619vthyvt.tmp" pid=474619 
> comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000

Didn't you already ask on IRC some weeks ago about this?


Did you manually set it to enabled from the default complain-only mode
or how did the soffice.bin get into complain mode?

> The reason is that this rule allowing temporary files is too short:
>
>  owner @{libo_user_dirs}/{,**/}lu??{,?}.tmp rwk, #Temporary file 
> used when saving
>
> Adding one more possible temporary filename length fixes the denial:
>
>  owner @{libo_user_dirs}/{,**/}lu??{,?,??}.tmp rwk, #Temporary 
> file used when saving

Did you change it or do you mean upstream did?

Addendum: Yes, apparently something changed and it got hidden due to it
being complain-only.

Indeed I get ALLOWED entries in the log.


Regards,


Rene



Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change

2021-02-07 Thread Paul Wise
Package: libreoffice-common
Version: 1:7.0.4-3
Severity: important
File: /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
Usertags: apparmor
Tags: patch

When I open a document in my home directory in libreoffice I get this:

   Feb 08 08:08:48 audit[474619]: AVC apparmor="DENIED" operation="open" 
profile="libreoffice-soffice" name="/home/pabs/lu474619vthyvt.tmp" pid=474619 
comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000

The reason is that this rule allowing temporary files is too short:

 owner @{libo_user_dirs}/{,**/}lu??{,?}.tmp rwk, #Temporary file used when saving

Adding one more possible temporary filename length fixes the denial:

 owner @{libo_user_dirs}/{,**/}lu??{,?,??}.tmp rwk, #Temporary file used when saving

I expect that just switching to a wildcard would work too and would be
much more likely to continue working if LibreOffice update the length.

 owner @{libo_user_dirs}/{,**/}lu??*.tmp rwk, #Temporary file used when saving

-- Package-specific info:

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-common depends on:
ii  libnumbertext-data         1.0.7-1
ii  libreoffice-style-colibre  1:7.0.4-3
ii  ucf                        3.0043
ii  ure                        1:7.0.4-3

Versions of packages libreoffice-common recommends:
ii  apparmor                                       2.13.6-7
pn  fonts-liberation2 | ttf-mscorefonts-installer
ii  libexttextcat-data                             3.4.5-1
ii  python3-uno                                    1:7.0.4-3
ii  xdg-utils                                      1.1.3-2

Versions of packages libreoffice-common suggests:
ii  libreoffice-style-colibre [libreoffice-style]  1:7.0.4-3

Versions of packages python3-uno depends on:
ii  libc6                    2.31-9
ii  libgcc-s1                10.2.1-6
ii  libpython3.9             3.9.1-3
ii  libreoffice-core         1:7.0.4-3
ii  libstdc++6               10.2.1-6
ii  libuno-cppu3             1:7.0.4-3
ii  libuno-cppuhelpergcc3-3  1:7.0.4-3
ii  libuno-sal3              1:7.0.4-3
ii  libuno-salhelpergcc3-3   1:7.0.4-3
ii  python3                  3.9.1-1
ii  python3.9                3.9.1-3
ii  ucf                      3.0043
ii  uno-libs-private         1:7.0.4-3

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
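As an added example (not code from the bug report, the LibreOffice package or AppArmor itself), here is a small Python matcher that approximates AppArmor file-glob semantics (`@{var}`, `**`, `*`, `?`, `{a,b}`) and checks the rule from the report and its wildcard variant against the denied paths from the audit lines above; the `@{libo_user_dirs}` value set is a constructed assumption, not the profile's real definition.

```python
import re
# Constructed @{libo_user_dirs} value set (assumption; not the profile's real definition)
VARIABLES = {"libo_user_dirs": ["/home/*", "/tmp"]}

def aa_glob_to_regex(glob, variables=VARIABLES):
    """AppArmor file glob (@{var}, **, *, ?, {a,b}) -> anchored regex.
    Character classes ([abc]) are treated as literals."""
    # @{var} becomes an alternation of its values (which are globs themselves)
    glob = re.sub(r"@\{(\w+)\}",
                  lambda m: "{" + ",".join(variables[m.group(1)]) + "}", glob)
    out, depth, i = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 2; continue   # ** may span '/' boundaries
        if c == "*":   out.append("[^/]*")      # * stays inside one component
        elif c == "?": out.append("[^/]")       # exactly one non-'/' character
        elif c == "{": out.append("(?:"); depth += 1
        elif c == "}": out.append(")"); depth -= 1
        elif c == "," and depth: out.append("|")  # alternative inside {...}
        else:          out.append(re.escape(c))
        i += 1
    return re.compile("^" + "".join(out) + "$")

def rule_matches(rule, path):
    """True if the glob of a file rule ('owner <glob> rwk,') covers path."""
    glob = next(t for t in rule.split() if t.startswith(("/", "@")))
    return aa_glob_to_regex(glob).match(path) is not None

def parse_denial(line):
    """Extract key=value fields (quoted or bare) from an audit/journal line."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

# Constructed sample lines, shaped like the two denials quoted in the thread.
DENIALS = [
    'Feb 08 08:08:48 audit[474619]: AVC apparmor="DENIED" operation="open" '
    'profile="libreoffice-soffice" name="/home/pabs/lu474619vthyvt.tmp" pid=474619 '
    'comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000',
    'type=AVC msg=audit(1615225628.771:1363): apparmor="DENIED" operation="mknod" '
    'profile="libreoffice-soffice" name="/home/vincas/Dokumentai/lu4638vdjw1.tmp" '
    'pid=4638 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000',
]
OLD_RULE = "owner @{libo_user_dirs}/{,**/}lu??{,?}.tmp rwk,"   # rule quoted in the report
WILDCARD_RULE = "owner @{libo_user_dirs}/{,**/}lu??*.tmp rwk,"  # reporter's wildcard idea

def coverage(rule, lines=DENIALS):
    """Map each denied path in `lines` to whether `rule` would have allowed it."""
    paths = [parse_denial(l)["name"] for l in lines if 'apparmor="DENIED"' in l]
    return {p: rule_matches(rule, p) for p in paths}
```

`coverage(OLD_RULE)` reports both denied paths as uncovered while `coverage(WILDCARD_RULE)` covers both; the matcher only approximates AppArmor's globbing, so confirm a changed rule with `apparmor_parser` and a profile reload before relying on it.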

