Bug#911897: AppArmor "complain" for oosplash & soffice
Hi,
On Thu, Oct 25, 2018 at 05:49:27PM -0400, Anthony DeRobertis wrote:
> I understand the goal is to get AppArmor back in to enforcing mode
> someday, so presumably these complain-mode allow messages are of use.
> Presumably the xauth one will effect a lot of people (as that's the
> value of $XAUTHORITY here, set by KDE/sddm).
Maybe.
> Then there is a lot of nVidia stuff, probably from this machine using the nVidia proprietary
> driver.
Then the nvidia drivers (which I do not care about at all, to be honest)
or libdrm or whatever should ship needed stuff. I mean, it's not LO using
the stuff directly, it's those. It would imho be completely nonsense to
make LO honour driver-specific things for every possible driver.
I think I saw these once in an other report where I reassigned that one
or a clone to either of those, need to search for it...
> (Side note, I understand sandboxing web browsers and the like with
> AppArmor. Firefox shouldn't have random access to $HOME. But I wonder if
> its really worth it for LibreOffice; by its nature it must have access
> to my important documents. But that's a discussion for elsewhere, I'm
> sure.)
Yes, and there's the "get xyz from the filesystem" or "do not run xyz
after a security bug was used" scenario.
I wouldn't have written a profile if one (incomplete and ooold, as noticed.) wasn't
already there and ready to be installed.
> Installed VCLplugs:
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name Version Architecture Description
> +++-================-============-============-=================================
> un libreoffice-gtk2 <none> <none> (no description available)
> un libreoffice-gtk3 <none> <none> (no description available)
> un libreoffice-kde <none> <none> (no description available)
Not that it matters here, but no -kde(5) even when you're using KDE?
Regards,
Rene
Reply to: