
Bug#982274: usr.lib.libreoffice.program.soffice.bin: temporary files are not allowed due to length change



Hi,

On 08.02.21 at 03:15, Paul Wise wrote:

> Tags: patch

No, no patch.

patch does not mean "add a ?" but if at all something like this

$ git diff sysui/desktop/apparmor/program.soffice.bin
diff --git a/sysui/desktop/apparmor/program.soffice.bin
b/sysui/desktop/apparmor/program.soffice.bin
index 42053db2abef..83bd9d11f93c 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -101,7 +101,7 @@ profile libreoffice-soffice
INSTDIR-program/soffice.bin {
   owner @{libo_user_dirs}/**/           rw,  #allow creating
directories that we own
   owner @{libo_user_dirs}/**~lock.*     rw,  #lock file support
   owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk,  #Open files rw
with the right exts
-  owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary
file used when saving
+  owner @{libo_user_dirs}/{,**/}lu???????????{,?}.tmp rwk, #Temporary
file used when saving
   owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings
on KDE
 
   # Settings
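Review bot: the `+` line for the temporary-file rule lengthens the fixed run of `?` by one instead of adding an alternative, so the shortest name length that the removed line accepted no longer matches. The denied name quoted in the report, lu474619vthyvt.tmp, has 12 characters after `lu` and starts with the PID from the same audit line (474619), so the length can differ between processes; keeping the original run and widening the alternation, as in the reporter's `{,?,??}` form, covers the old lengths as well as the new one.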
(Which is even trivial to do in /etc/apparmor.d if you don't know the
source path. This won't necessarily help since the path is there in the
generated file but if you're lucky and are far away "enough" from the
profile path..)


Not removing the patch since it now actually has one..

> When I open a document in my home directory in libreoffice I get this:
>
>    Feb 08 08:08:48 audit[474619]: AVC apparmor="DENIED" operation="open" profile="libreoffice-soffice" name="/home/pabs/lu474619vthyvt.tmp" pid=474619 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000

Didn't you already ask on IRC some weeks ago about this?


Did you manually set it to enabled from the default complain-only mode
or how did the soffice.bin get into complain mode?

> The reason is that this rule allowing temporary files is too short:
>
>      owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used when saving
>
> Adding one more possible temporary filename length fixes the denial:
>
>      owner @{libo_user_dirs}/{,**/}lu??????????{,?,??}.tmp rwk, #Temporary file used when saving

Did you change it or do you mean upstream did?

Addendum: Yes, apparently something changed and it got hidden due to it
being complain-only.

Indeed I get ALLOWED entries in the log.


Regards,


Rene
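
To check which of the three rule variants in this thread covers a given temporary file name, the following added example (not part of the original mail or of the LibreOffice profile) translates the AppArmor glob subset used in these rules into a regular expression. The value substituted for `@{libo_user_dirs}` and the shorter file name are assumptions constructed for the demonstration.

```python
import re

# Assumption: stand-in value for the profile variable; the profile's real
# definition of @{libo_user_dirs} is not shown in the thread.
VARIABLES = {"libo_user_dirs": "/home/pabs"}

# The three rule paths that appear in the thread.
RULES = {
    "original": "@{libo_user_dirs}/{,**/}lu" + "?" * 10 + "{,?}.tmp",
    "patch": "@{libo_user_dirs}/{,**/}lu" + "?" * 11 + "{,?}.tmp",
    "reporter": "@{libo_user_dirs}/{,**/}lu" + "?" * 10 + "{,?,??}.tmp",
}

def aa_glob_to_regex(glob, variables=VARIABLES):
    """Translate the AppArmor glob subset used above (?, *, **, {a,b})."""
    for name, value in variables.items():
        glob = glob.replace("@{" + name + "}", value)
    out, i, depth = [], 0, 0
    while i < len(glob):
        ch = glob[i]
        if glob.startswith("**", i):      # ** crosses directory boundaries
            out.append(".*")
            i += 2
            continue
        if ch == "*":                      # * stays inside one path component
            out.append("[^/]*")
        elif ch == "?":                    # ? is exactly one non-slash character
            out.append("[^/]")
        elif ch == "{":
            out.append("(?:")
            depth += 1
        elif ch == "}" and depth:
            out.append(")")
            depth -= 1
        elif ch == "," and depth:          # alternation separator inside {}
            out.append("|")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out) + r"\Z")

def verdicts(path):
    """Return {rule name: True if the rule's path glob matches `path`}."""
    return {n: bool(aa_glob_to_regex(g).match(path)) for n, g in RULES.items()}

if __name__ == "__main__":
    denied = "/home/pabs/lu474619vthyvt.tmp"   # name from the audit line
    shorter = "/home/pabs/lu4746vthyvt.tmp"    # constructed: 10 characters
    for p in (denied, shorter):
        print(p, verdicts(p))
```
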

