[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1098838: libreoffice-common: /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin fails to parse/load with apparmor 4.1.0-beta5-2

Dear Rene!


Jak podają anonimowe źródła, przepowiedziano, że Rene Engelhard napisze:

> Hi again,
> 
> Am 25.02.25 um 06:19 schrieb Rene Engelhard:
> > Am 24.02.25 um 23:25 schrieb Jacek Kawa:
> > > With current apparmor version in sid (4.1.0~beta5-2)
> > > /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin fails to parse
> > > and load.
> > > 
> > > 
> > > 
> > > -steps to reproduce: --------------------------
> > > # apparmor_parser -r usr.lib.libreoffice.program.soffice.bin
> > > Too many states (113206) for type state_t
> > 
> > Didn't check myself in a sid. But not sure.
> > 
> > 
> > See the autopkgtest which does test this:
> > 
> > https://ci.debian.net/packages/libr/libreoffice/unstable/amd64/58106098/ (the log is https://ci.debian.net/data/autopkgtest/unstable/amd64/libr/libreoffice/58106098/log.gz):
> [...]
> 
> Doesn't happen in a clean sid vm either. See attached screenshot.
> 
> Regards,
> Rene


1. debsums -e shows every standard apparmor.d as OK/clean,
2. same problem with stock kernel (6.12.16-amd64),
3. cannot reproduce in my other SID machine.

However, based on the second machine preprocessed profile I was able to
pin-point the problem to:

--- bad		2025-02-25 14:29:01.752813380 +0100
+++ good	2025-02-25 14:30:37.570399763 +0100
@@ -155,8 +155,7 @@
 # The following is a space-separated list of where additional user home
 # directories are stored, each must have a trailing '/'. Directories added
 # here are appended to @{HOMEDIRS}.  See tunables/home for details.
-@{HOMEDIRS}+=/home/dropbox/
-
+#@{HOMEDIRS}+=


With /home/drobpox added ages ago and actually non-existing. 

dpkg-reconfigure apparmor  -> remove offending entry
and everything works fine now.

A bit of experimenting:

- a valid path outside home -> fine,
- a valid path being nested in home -> 108s of processing,
- an invalid path not nested in /home -> fine,

I can guess now, that having additional "home" nested in the
default one might not be a good idea.

In other words:
1. from my perspective the problem is solved,
2. having any additional home nested in the default home location causes
this very specific profile to fail under current apparmor.

Best regards
-- 
Jacek Kawa
Reply to: