Bug#899380: libreoffice-common: AppArmor profile prohibits encrypting documents with GPG
tag 899380 + moreinfo
tag 899380 + unreproducible
thanks
Hi,
On Wed, May 23, 2018 at 10:22:24AM -0400, John Scott wrote:
> apparmor="DENIED" operation="open" profile="libreoffice-soffice//gpg" name="/home/john/.gnupg/trustdb.gpg" pid=2308 comm="gpg" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
> apparmor="DENIED" operation="file_lock" profile="libreoffice-soffice//gpg" name="/home/john/.gnupg/random_seed" pid=2804 comm="gpg" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
Did it really fail to sign?
I tried that once when this was new.... Worked for me (the gpg stuff there
is actually from me.).
Let's try now, though, current buster.
root@frodo:/home/rene# aa-status
apparmor module is loaded.
33 profiles are loaded.
31 profiles are in enforce mode.
[...]
libreoffice-soffice//gpg
[...]
2 profiles are in complain mode.
libreoffice-oopslash
libreoffice-soffice
[...]
root@frodo:/home/rene# aa-enforce /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
Setting /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin to enforce mode.
root@frodo:/home/rene# aa-status
apparmor module is loaded.
33 profiles are loaded.
32 profiles are in enforce mode.
[...]
libreoffice-soffice
libreoffice-soffice//gpg
[...]
root@frodo:/home/rene#
root@frodo:/home/rene# /etc/init.d/apparmor reload
[ ok ] Reloading apparmor configuration (via systemctl): apparmor.service.
Can sign just fine.
(but yes, I get the DENIED, too)
> I'd hate to cram two unrelated bugs in one report, but
> since the fixes will be in the AppArmor profiles anyway,
> I hope you don't mind.
Actually I do :-)
Regards,
Rene
Reply to: