retitle 959399 libreoffice-common: many AppArmor "ALLOWED" log messages
if using "non-standard" $HOME
severity 959399 minor
tag 959399 + wontfix
thanks
On Fri, May 01, 2020 at 06:00:46PM -0500, E Harris wrote:
Using LibreOffice results in many AppArmor audit log messages marked as "ALLOWED".
These messages repeat many times during normal use of the app, resulting in
quite a bit of log spam.
Perhaps this is the result of the user's home directory being mounted in an alternate location?
Yes, and to be honest, if you change that dir you need to change all
profiles referencing $HOME to allow it.
Here you can be just glad it works because the profile is in complain
mode, if it wasn't this wouldn't work at all...
One simply cannot allow any path as this would simply defeat the
purpose.
A small sampling of messages (obfuscated):
May 1 17:19:49 host kernel: [ 9201.656675] audit: type=1400 audit(1588371589.713:822): apparmor="ALLOWED" operation="mknod" profile="libreoffice-soffice" name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 comm="configmgrWriter" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
why /raid as extra mountpoint and not /home directly or / directly or if
that's not intended some bind mounts to have /home on a "known"
location? So that stuff like this doesn't knowingly break?
Or is that the case?
I am honestly not sure whether there's something to do there at all -
except for the admin of the system to adapt the profile to the setuo of
the system.
Regards,
Rene