
Bug#882597: libreoffice: Failed to start when apparmor is running because of user rights



On Fri, Nov 24, 2017 at 02:33:20PM +0100, Michael Ott wrote:
> Package: libreoffice
> Version: 1:5.4.3-2
> Severity: important
> 
> Dear Maintainer,
> 
> start libreoffice with
> soffice -env:UserInstallation=file:///tmp/test
> always works
> 
> start libreoffice with
> soffice -env:UserInstallation=file:///srv/home/michael/tmp/
> does not work. Home folder is srv/home/michael

Sigh. Feared something like this.

So you try to access stuff outside the LO profile?

From the profile:

https://cgit.freedesktop.org/libreoffice/core/tree/sysui/desktop/apparmor/program.soffice.bin#n93:

owner @{HOME}/.config/libreoffice{,dev}/** rwk,

so no access outside its profile allowed if I read that right.
I'd guess that soffice -env:UserInstallation=file:///srv/home/michael would work?

The profile also says:

"# This profile should enable the average LibreOffice user to get their 
# work done while blocking some advanced usage
# Namely not tested and likely not working : embedded plugins,
# Using the LibreOffice SDK and other development tasks"

> 1. Start system
> 2. Start libreoffice.
> -> cannot start because of too few user rights in config folder
> 3. Switch off apparmor with service apparmor teardown

Or aa-unconfined/-disable?

> 4. Start libreoffice
> -> works
> 5. Close libreoffice
> 6. Start apparmor
> 6. Start libreoffice
> -> works again

You mean _not_ after 6? Otherwise this doesn't make sense?

> 
> I hope that it helps

Unfortunately there seems to be no way to install a profile but keep it
"unconfined", only to just disable it. Maybe I should keep it
installed but disabled...

> Debian Release: buster/sid
>   APT prefers unstable
>   APT policy: (700, 'unstable'), (650, 'testing'), (600, 'stable'), (500, 'stable-updates'), (500, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386

Not that it's related, but yeah, right, install everything from
experimental. Well, unstable has higher prio still but
you got java-common/default-jre etc and libc6 from there...

Regards,

Rene
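
An added example, not part of the original message or of the LibreOffice profile: a simplified matcher for the single rule quoted above, showing which paths that rule covers on its own. It assumes @{HOME} expands to /home/*/ and /root/ (the stock AppArmor tunables/home values); the function names and sample paths are constructed for illustration.

```python
import re

# Assumption: stock values from /etc/apparmor.d/tunables/home
# (@{HOMEDIRS}=/home/ and @{HOME}=@{HOMEDIRS}/*/ /root/).
DEFAULT_HOME = ["/home/*/", "/root/"]

# Path part of the rule quoted in the message. The "owner" qualifier and the
# "rwk" permissions are not modelled; only path coverage is checked.
RULE = "@{HOME}/.config/libreoffice{,dev}/**"


def glob_to_regex(glob):
    """Translate the AppArmor glob subset used here (*, **, {a,b}) to a regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")            # ** crosses directory separators
            i += 2
            continue
        if c == "*":
            out.append("[^/]*")         # * stays inside one path component
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")             # alternation inside {a,b}
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")


def allowed(path, rule=RULE, home=DEFAULT_HOME):
    """True if path is covered by rule for at least one value of @{HOME}."""
    for h in home:
        expanded = re.sub(r"/+", "/", rule.replace("@{HOME}", h))  # collapse //
        if glob_to_regex(expanded).match(path):
            return True
    return False


if __name__ == "__main__":
    for p in ("/home/michael/.config/libreoffice/4/user/registrymodifications.xcu",
              "/srv/home/michael/.config/libreoffice/4/user/registrymodifications.xcu",
              "/srv/home/michael/tmp/user/registrymodifications.xcu"):  # constructed
        print(p, allowed(p), allowed(p, home=["/srv/home/*/"]))
```

The full profile contains other rules, so a path this one rule does not cover may still be permitted elsewhere in the profile.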

