Bug#1090814: libreoffice-common: AppArmor sometimes prevents file saving (/luXXXXXXX.tmp temporary files)
Package: libreoffice-common
Version: 4:7.4.7-1+deb12u5
Severity: normal
Tags: patch
Dear Maintainer,
Sometimes (but relatively rarely), with AppArmor profile enforced, user is
unable to save files in e.g. Libreoffice Calc with error:
"Error saving the document DOCUMENTNAME:
Write Error.
The file could not be written."
(where DOCUMENTNAME is name of actual document we've modifed and are trying to save)
Retrying does not help.
At the same time, following errors are logged in dmesg(8):
apparmor="DENIED" operation="mknod" profile="libreoffice-soffice" name="/home/mnalis/Documents/Ostalo/lu2654yy7.tmp" pid=2654 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001
apparmor="DENIED" operation="mknod" profile="libreoffice-soffice" name="/home/mnalis/Documents/Ostalo/lu2654yy9.tmp" pid=2654 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001
apparmor="DENIED" operation="mknod" profile="libreoffice-soffice" name="/home/mnalis/Documents/Ostalo/lu2654yyb.tmp" pid=2654 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001
I've tracked it down to this line in /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin AppArmor profile:
owner @{libo_user_dirs}/{,**/}lu????????{,?,??,???,????}.tmp rwk, #Temporary file used when saving
which seems to expect that there are at least 8 characters between "lu" and ".tmp", and sometimes there are only 7.
Bug occurs on latest Bookwork (Stable), but same AppArmor line appears in latest Sid's 24.8.3-3 and experimental's 25.2.0~beta1-2 so I assume the same problem is also present there.
The attached diff fixes the issue for me.
-- Package-specific info:
Configuration file Package Exists Changed
/etc/libreoffice/registry/Langpack-en-US.xcd libreoffice-common Yes No
/etc/libreoffice/registry/lingucomponent.xcd libreoffice-common Yes No
/etc/libreoffice/registry/main.xcd libreoffice-common Yes No
/etc/libreoffice/registry/pdfimport.xcd libreoffice-common Yes No
/etc/libreoffice/registry/res/fcfg_langpack_e libreoffice-common Yes No
/etc/libreoffice/registry/xsltfilter.xcd libreoffice-common Yes No
-- System Information:
Debian Release: 12.8
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-28-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages libreoffice-common depends on:
ii libnumbertext-data 1.0.11-1
ii libreoffice-style-colibre 4:7.4.7-1+deb12u5
ii ucf 3.0043+nmu1
ii ure 4:7.4.7-1+deb12u5
Versions of packages libreoffice-common recommends:
ii apparmor 3.0.8-3
ii fonts-liberation2 2.1.5-1
ii libexttextcat-data 3.4.5-1
ii poppler-data 0.4.12-1
ii python3-uno 4:7.4.7-1+deb12u5
ii xdg-utils 1.1.3-4.1
Versions of packages libreoffice-common suggests:
ii libreoffice-style-colibre [libreoffice-style] 4:7.4.7-1+deb12u5
-- no debconf information
--- a/usr.lib.libreoffice.program.soffice.bin
+++ b/usr.lib.libreoffice.program.soffice.bin
@@ -108,7 +108,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin {
owner @{libo_user_dirs}/**/ rw, #allow creating directories that we own
owner @{libo_user_dirs}/**~lock.* rw, #lock file support
owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk, #Open files rw with the right exts
- owner @{libo_user_dirs}/{,**/}lu????????{,?,??,???,????}.tmp rwk, #Temporary file used when saving
+ owner @{libo_user_dirs}/{,**/}lu???????{,?,??,???,????,?????}.tmp rwk, #Temporary file used when saving
owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings on KDE
# Settings
Reply to: