severity 975951 minor tag 975951 upstream forwarded 975951 https://bugs.documentfoundation.org/show_bug.cgi?id=119811 retitle 975951 libreoffice tries to access files of firefox profiles notfound 975951 1:7.0.3-4+b1 thanks
Hi, > Package: libreoffice No, libreoffice does not contain anything except dependencies. Do you mean libreoffice-core? Sorry, that it hits you, but why can't people just file against the correct package? "libreoffice" clearly says it's a dummy package. > Severity: normal Sigh. How it is a bug when LO does what it's supposed to do in case people want to sign their documents (with S/MIME, gpg is something else) *and which is documented*? https://help.libreoffice.org/4.4/Common/Applying_Digital_Signatures (of course also valid for later versions, this is just a result of googling.) https://wiki.openoffice.org/wiki/How_to_use_digital_Signatures That's what it is for. Signing documents with S/MIME. > I'm seeing many entries like these in my log: If you look at your logs (which is good) I would also expect you being able to do a basic resarch (see above) instead of filing a "bug" which then will linger around until eternity :-( > operation="open" profile="libreoffice-soffice" > name="/home/joerg/.mozilla/firefox/aelzkv52.dev/cert9.db" pid=486621 > comm="soffice.bin" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 > operation="file_lock" profile="libreoffice-soffice" > name="/home/joerg/.mozilla/firefox/aelzkv52.dev/cert9.db" pid=486621 > comm="soffice.bin" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000 Access to the Mozilla profile is completely expected in how it's (The apparmor profiles allow "r", not "w". (Have to lookup what "c" is.) which is correct since LO should only be able to read the certs). Key *management* is something LO should not do and cannot do anyway. (same with gpg) > operation="open" profile="libreoffice-soffice" > name="/home/joerg/.mozilla/firefox/aelzkv52.dev/key4.db" pid=486621 > comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 > operation="file_lock" profile="libreoffice-soffice" > name="/home/joerg/.mozilla/firefox/aelzkv52.dev/key4.db" pid=486621 > comm="soffice.bin" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000 Oh, that one's new. I added the cert?.db ones once. Since when does LO (and/or nss and or libxmlsec-nss) want key4.db, too? (But I'd only allow r anyways.) I guess I need to check whether signing works when the profile is in enforcing again... > LibreOffice tries to access the key storage of Firefox, which is really > strange. No, it isn't. A few minutes' research would have shown you that it uses nss and the certificates from Firefox (or Thundebird or SeaMonkey..): https://www.google.com/search?q=libreoffice+firefox+profile&rlz=1C1GCEU_deDE843DE846&oq=libreoffi&aqs=chrome.1.69i60j69i59j69i57j69i60l3j69i65j69i60.2319j0j7&sourceid=chrome&ie=UTF-8 Second and fourth hit. (That also shows https://bugs.documentfoundation.org/show_bug.cgi?id=119811 where an other user just reports a "bug" because of something unexepctedly ("no visiable reasons"...) Yes, it's Marking as forwarded to this "bug" though. > Isn't it possible to use the keys in /etc/ssl? a) as said it uses nss instead of the "standard" openssl, and has to use what nss expects b) how are you going to add signing certificates as user to /etc/ssl without being root? How does a end-user know (s)he needs to add stuff there? There (ttbomk) unfortunately also is no standardized patch for certs in users' $HOMEs. And (unfortunately) LO wants to cater for end-users with no clue instead of doing the correct thing(tm). Regards, Rene