Bug#911897: AppArmor "complain" for oosplash & soffice

To: Anthony DeRobertis <anthony@derobert.net>, 911897@bugs.debian.org
Subject: Bug#911897: AppArmor "complain" for oosplash & soffice
From: Rene Engelhard <rene@debian.org>
Date: Fri, 26 Oct 2018 17:26:56 +0200
Message-id: <[🔎] 20181026152656.GB1080@rene-engelhard.de>
Reply-to: Rene Engelhard <rene@debian.org>, 911897@bugs.debian.org
In-reply-to: <[🔎] 154050416761.4705.9397244616537559593.reportbug@Zia.metrics.net>
References: <[🔎] 154050416761.4705.9397244616537559593.reportbug@Zia.metrics.net> <[🔎] 154050416761.4705.9397244616537559593.reportbug@Zia.metrics.net>

Hi,

On Thu, Oct 25, 2018 at 05:49:27PM -0400, Anthony DeRobertis wrote:
> I understand the goal is to get AppArmor back in to enforcing mode
> someday, so presumably these complain-mode allow messages are of use.
> Presumably the xauth one will effect a lot of people (as that's the
> value of $XAUTHORITY here, set by KDE/sddm).

Maybe.

> Then there is a lot of nVidia stuff, probably from this machine using the nVidia proprietary
> driver.

Then the nvidia drivers (which I do not care about at all, to be honest)
or libdrm or whatever should ship needed stuff. I mean, it's not LO using
the stuff directly, it's those. It would imho be completely nonsense to
make LO honour driver-specific things for every possible driver.

I think I saw these once in an other report where I reassigned that one
or a clone to either of those, need to search for it...

> (Side note, I understand sandboxing web browsers and the like with
> AppArmor. Firefox shouldn't have random access to $HOME. But I wonder if
> its really worth it for LibreOffice; by its nature it must have access
> to my important documents. But that's a discussion for elsewhere, I'm
> sure.)

Yes, and there's the "get xyz from the filesystem" or "do not run xyz
after a security bug was used" scenario.

I wouldn't have written a profile if one (incomplete and ooold, as noticed.) wasn't
already there and ready to be installed.

> Installed VCLplugs:
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name             Version      Architecture Description
> +++-================-============-============-=================================
> un  libreoffice-gtk2 <none>       <none>       (no description available)
> un  libreoffice-gtk3 <none>       <none>       (no description available)
> un  libreoffice-kde  <none>       <none>       (no description available)

Not that it matters here, but no -kde(5) even when you're using KDE?

Regards,

Rene

Reply to:

Follow-Ups:
- Bug#911897: AppArmor "complain" for oosplash & soffice
  - From: Rene Engelhard <rene@debian.org>
- Bug#911897: AppArmor "complain" for oosplash & soffice
  - From: Anthony DeRobertis <anthony@derobert.net>

References:
- Bug#911897: AppArmor "complain" for oosplash & soffice
  - From: Anthony DeRobertis <anthony@derobert.net>

Prev by Date: Bug#911897: AppArmor "complain" for oosplash & soffice
Next by Date: Processed: Re: Bug#911897: AppArmor "complain" for oosplash & soffice
Previous by thread: Bug#911897: AppArmor "complain" for oosplash & soffice
Next by thread: Bug#911897: AppArmor "complain" for oosplash & soffice
Index(es):
- Date
- Thread