[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#911897: AppArmor "complain" for oosplash & soffice



Hi,

On Thu, Oct 25, 2018 at 05:49:27PM -0400, Anthony DeRobertis wrote:
> I understand the goal is to get AppArmor back in to enforcing mode
> someday, so presumably these complain-mode allow messages are of use.
> Presumably the xauth one will effect a lot of people (as that's the
> value of $XAUTHORITY here, set by KDE/sddm).

Maybe.

> Then there is a lot of nVidia stuff, probably from this machine using the nVidia proprietary
> driver.

Then the nvidia drivers (which I do not care about at all, to be honest)
or libdrm or whatever should ship needed stuff. I mean, it's not LO using
the stuff directly, it's those. It would imho be completely nonsense to
make LO honour driver-specific things for every possible driver.

I think I saw these once in an other report where I reassigned that one
or a clone to either of those, need to search for it...

> (Side note, I understand sandboxing web browsers and the like with
> AppArmor. Firefox shouldn't have random access to $HOME. But I wonder if
> its really worth it for LibreOffice; by its nature it must have access
> to my important documents. But that's a discussion for elsewhere, I'm
> sure.)

Yes, and there's the "get xyz from the filesystem" or "do not run xyz
after a security bug was used" scenario.

I wouldn't have written a profile if one (incomplete and ooold, as noticed.) wasn't
already there and ready to be installed.

> Installed VCLplugs:
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name             Version      Architecture Description
> +++-================-============-============-=================================
> un  libreoffice-gtk2 <none>       <none>       (no description available)
> un  libreoffice-gtk3 <none>       <none>       (no description available)
> un  libreoffice-kde  <none>       <none>       (no description available)

Not that it matters here, but no -kde(5) even when you're using KDE?

Regards,

Rene


Reply to: