[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#899380: libreoffice-common: AppArmor profile prohibits encrypting documents with GPG

Package: libreoffice-common
Version: 1:6.0.4~rc1-4
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I've found a couple issues in the AppArmor profile,
the most notable of which causes LibreOffice to
freeze when attempting to save and encrypt a
document with a GnuPG key because the profile is
enforced by default. (It seems impossible to
encrypta document at all with 6.0.4-1.)

Here are messages from my kernel log:

apparmor="DENIED" operation="open" profile="libreoffice-soffice//gpg" name="/home/john/.gnupg/trustdb.gpg" pid=2308 comm="gpg" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
apparmor="DENIED" operation="file_lock" profile="libreoffice-soffice//gpg" name="/home/john/.gnupg/random_seed" pid=2804 comm="gpg" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000

Navigating 'User Data' in Options will cause AppArmor's
denial too.

I'd hate to cram two unrelated bugs in one report, but
since the fixes will be in the AppArmor profiles anyway,
I hope you don't mind.

With Java 10 installed, I also get this:

apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/lib/jvm/java-10-openjdk-amd64/bin/java" pid=2320 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="libreoffice-soffice//null-/usr/lib/jvm/java-10-openjdk-amd64/bin/java"

I don't know much about AppArmor, but I noticed the
profile has this line in it:

/usr/lib{,32,64}/jvm/**/jre/bin/java	mix,

which only differs from the path LibreOffice was
accessing by there being no jre/ in the latter, if
that could explain the cause.

- -- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreoffice-common depends on:
ii  libreoffice-style-tango  1:6.0.4~rc1-4
ii  ure                      6.0.4~rc1-4

Versions of packages libreoffice-common recommends:
ii  fonts-liberation2   2.00.1-6
ii  libexttextcat-data  3.4.5-1
ii  python3-uno         1:6.0.4~rc1-4
ii  xdg-utils           1.1.2-2

Versions of packages libreoffice-common suggests:
ii  libreoffice-style-galaxy [libreoffice-style]  1:6.0.4~rc1-4
ii  libreoffice-style-tango [libreoffice-style]   1:6.0.4~rc1-4

Versions of packages python3-uno depends on:
ii  libc6             2.27-3
ii  libgcc1           1:8.1.0-3
ii  libpython3.6      3.6.5~rc1-1
ii  libreoffice-core  1:6.0.4~rc1-4
ii  libstdc++6        8.1.0-3
ii  python3           3.6.4-1
ii  python3.6         3.6.5~rc1-1
ii  uno-libs3         6.0.4~rc1-4
ii  ure               6.0.4~rc1-4

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEJwCMxdBfG24Y2trvfWFEpid5MHIFAlsFeR8ACgkQfWFEpid5
MHLgZQf+Ik7eA40l2VvUJ/wjOiz+lgepQJJWLQtk6R3f4RJ4VBXMUuKJWsxWqmUo
FYkZ6l9LzYNyHWrt6HX6vjZjKgWG2Cj8WGzDDfjHxHRkEzx+Uqw8pqcFyNQG8JvS
MJRJnmQFAX59GGFG65Nci12UVKR/29V31TG10zU6pzHXdQBvzwRLVrEhW57u6rAJ
hEhCAZvM5ULAbnDXoIpE0aX95HD5BAaf1V/5Pqd91wu4sDh9ruLDVgwC1QHCcyE2
+OtOTFpIKNGWKMPKYP3F/rWmOUo92511Sq79dYyI+hMIkMphvqTYWZUDNSdA84I/
XzP4ZNguLtGhg1oKEaUEmHPxGaXg6Q==
=sJeL
-----END PGP SIGNATURE-----
Reply to: