[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#887593: More apparmor="ALLOWED" messages in syslog.

Hi,

On Sat, Feb 17, 2018 at 08:05:26PM +0200, Vincas Dargis wrote:
> I guess we need yet another abstraction to prepare :) . I could search for

Yeah. And update the kde one...

https://cgit.freedesktop.org/libreoffice/core/commit/?id=b13678b1e1d6f4cac548ae7e088b6030c31cf081

(for 6.1)

> > w?
> > 
> > The document opened, though or did that fail?
> 
> Looks like "xpdfimport" inherited file handle from parent (soffice.bin?).
> 
> I do not see rules allowing to read PDF files from anywhere in
> `usr.lib.libreoffice.program.xpdfimport`. If `xpdfimport` only actually
> reads PDF's from these `/tmp/*` paths (maybe soffice.bin copies it there? I
> do not know how it works), it might mean that it would work without
> allowing. It could be simply a artifact, inherited file handle and would not
> be allowed for xpdfimport to read/write, but it doesn't meen it actually
> uses it, if I understood explanation myself. I've seen this in other
> profiles, denying these noises could be a solution.

Ah, interesting. Yeah, could be, "of course" draw would open stuff rw...

> > Hrmpf. more mozilla stuff.
> 
> It would be nice if LibreOffice would have utility application for dealing
> with these signing stuff, not accessing these files directly...

Jup. That made gpg in a subprofile possible. Then again, for
lo_kde5filepicker above that's also done but we need to allow a shitload
of other stuff, too (see above commit).

Regards,

Rene
>
Reply to: