[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#962903: libreoffice: Fails to open any PDF ("This PDF file is encrypted and can't be opened.")

tag 962903 - wontfix
tag 962903 + patch
thanks

Hi,

Am 20.06.20 um 14:19 schrieb Rene Engelhard:
> Am 20.06.20 um 14:11 schrieb Rene Engelhard:
>> 2575  19:27:45.464196 openat(AT_FDCWD, "/tmp/test-tmp-ametzler/Qqf3SE", O_RDONLY) = -1 EACCES (Permission denied)
>> I wonder about that /tmp/test-tmp-ametzler.
>>
>>
>> The apparmor rules might just allow /tmp/*, not /tmp/something/*.
> 
> profile libreoffice-xpdfimport /usr/lib/libreoffice/program/xpdfimport {
>   #include <abstractions/base>
> 
>   owner /tmp/*              r,     #Seems to need to read file created
> with pattern /tmp/RRRRRR
>   owner /tmp/lu**           rw,    #makes files like
> luRRRRR.tmp/lubRRRR.tmp where R is random
>                                    #Note, usually it's lub or luc, don't
> know why.
> [...]

Sigh. Apparently #debian-devel disagrees here and says the profile is
buggy (which I do not agree with), but thankfully the fix should be easy:

diff --git a/sysui/desktop/apparmor/program.senddoc
b/sysui/desktop/apparmor/program.senddoc
index d659ec9b98b3..797385f86ca4 100644
--- a/sysui/desktop/apparmor/program.senddoc
+++ b/sysui/desktop/apparmor/program.senddoc
@@ -17,8 +17,8 @@
 profile libreoffice-senddoc INSTDIR-program/senddoc {
   #include <abstractions/base>

-  owner /tmp/lu**       rw,    #makes files like
luRRRRR.tmp/lubRRRR.tmp where R is random
-                               #Note, usually it's lub or luc, don't
know why.
+  #include <abstractions/user-tmp>
+
   /{usr/,}bin/sh        rmix,
   /{usr/,}bin/bash      rmix,
   /{usr/,}bin/dash      rmix,
diff --git a/sysui/desktop/apparmor/program.soffice.bin
b/sysui/desktop/apparmor/program.soffice.bin
index 212eb7c62b15..b8c9f1b2e4b2 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -92,6 +92,8 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   #include <abstractions/python>
   #include <abstractions/p11-kit>

+  #include <abstractions/user-tmp>
+
   #List directories for file browser
   /                                     r,
   /**/                                  r,
@@ -116,7 +119,6 @@ profile libreoffice-soffice
INSTDIR-program/soffice.bin {
   owner @{HOME}/.config/soffice.binrc.lock rwk,
   owner @{HOME}/.cache/fontconfig/**    rw,
   owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
-  owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw,
#/tmp/psp1534203998 (printing to file)

   owner /{,var/}run/user/*/dconf/user   rw,
   owner @{HOME}/.config/dconf/user      r,
diff --git a/sysui/desktop/apparmor/program.xpdfimport
b/sysui/desktop/apparmor/program.xpdfimport
index efe10dce020d..f8bfbfe8fa49 100644
--- a/sysui/desktop/apparmor/program.xpdfimport
+++ b/sysui/desktop/apparmor/program.xpdfimport
@@ -17,9 +17,8 @@
 profile libreoffice-xpdfimport INSTDIR-program/xpdfimport {
   #include <abstractions/base>

-  owner /tmp/*              r,     #Seems to need to read file created
with pattern /tmp/RRRRRR
-  owner /tmp/lu**           rw,    #makes files like
luRRRRR.tmp/lubRRRR.tmp where R is random
-                                   #Note, usually it's lub or luc,
don't know why.
+  #include <abstractions/user-tmp>
+
   /usr/share/poppler/**     r,
   /usr/share/libreoffice/share/config/* r,
   owner
@{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,

(user-tmp allows /tmp/**)

Regards,

Rene
Reply to: