Hi again.
On Sat, May 02, 2020 at 03:56:26AM +0200, Rene Engelhard wrote:
> > A small sampling of messages (obfuscated):
> >
> > May 1 17:19:49 host kernel: [ 9201.656675] audit: type=1400
> > audit(1588371589.713:822): apparmor="ALLOWED" operation="mknod"
> > profile="libreoffice-soffice"
> > name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453
> > comm="configmgrWriter" requested_mask="c" denied_mask="c" fsuid=1000
> > ouid=1000
>
> why /raid as extra mountpoint and not /home directly or / directly or if
> that's not intended some bind mounts to have /home on a "known"
> location? So that stuff like this doesn't knowingly break?
> Or is that the case?
And what is your @HOME set for in apparmor sense?
owner @{HOME}/.config/libreoffice{,dev}/** rwk,
is in the profile, which allows the owner of the config dir in @{HOME}
access.
So I just bet that setting needs to be globally adapted
for apparmor?
(Or use standard paths.)
Regards,
Rene
