Public bug reported: libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages. i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https://bugs.documentfoundation.org/show_bug.cgi?id=119811 , https://weekly-geekly.github.io/articles/357692/index.html . do you agree with this? then there should be allow rule, i think. if you do not, then should be a comment and / or deny rule.
does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions. i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords. i think this pages also can be helpful: https://stackoverflow.com/questions/45126738/what-is-cert8-db-and-key3 -db-file , https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil , these are found by googling "cert8.db key3.db". this also can be helpful: https://en.wikipedia.org/wiki/Public_key_certificate . ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1862331 Title: mozilla cert8.db and key3.db are denied by apparmor Status in libreoffice package in Ubuntu: New Bug description: libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages. i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https://bugs.documentfoundation.org/show_bug.cgi?id=119811 , https://weekly-geekly.github.io/articles/357692/index.html . do you agree with this? then there should be allow rule, i think. if you do not, then should be a comment and / or deny rule. does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions. i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords. i think this pages also can be helpful: https://stackoverflow.com/questions/45126738/what-is-cert8-db-and-key3 -db-file , https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil , these are found by googling "cert8.db key3.db". this also can be helpful: https://en.wikipedia.org/wiki/Public_key_certificate . To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp