Bug#962903: libreoffice: Fails to open any PDF ("This PDF file is encrypted and can't be opened.")
tag 962903 - moreinfo
tag 962903 - unreproducible
retitle 962903 Fails to open any PDF ("This PDF file is encrypted and
can't be opened.") if TMPDIR is not /tmp (apparmor DENIED)
severity 962903 minor
tag 962903 + wontfix
thanks
Am 20.06.20 um 14:11 schrieb Rene Engelhard:
> 2575 19:27:45.464196 openat(AT_FDCWD, "/tmp/test-tmp-ametzler/Qqf3SE", O_RDONLY) = -1 EACCES (Permission denied)
> I wonder about that /tmp/test-tmp-ametzler.
>
>
> The apparmor rules might just allow /tmp/*, not /tmp/something/*.
profile libreoffice-xpdfimport /usr/lib/libreoffice/program/xpdfimport {
#include <abstractions/base>
owner /tmp/* r, #Seems to need to read file created
with pattern /tmp/RRRRRR
owner /tmp/lu** rw, #makes files like
luRRRRR.tmp/lubRRRR.tmp where R is random
#Note, usually it's lub or luc, don't
know why.
[...]
> Ah, yes:
>
> Indeed, if I set TMPDIR=/tmp/test I get that
>
> "This PDF file is encrypted and can't be opened".
>
>
> dmesg shows e.g.:
>
> "[ 692.0171072] audit: type=1400 audit(159265461.660:88): apparmor="DENIED" opereation="open" profile="libreoffice-xpdfimport" name="/tmp/test/4DyliY" pid=2661 comm="xpdfimport" requested_mask="r" denied_masj="r" fsuid=1000 ouid=1000"
>
> And indeed, if I set that profile to complain only it works.
Based on that and the last sentence changing the status and marking this
as wontfix.#
Regards,
Rene
Reply to: