tag 962903 - moreinfo tag 962903 - unreproducible
retitle 962903 Fails to open any PDF ("This PDF file is encrypted and can't be opened.") if TMPDIR is not /tmp (apparmor DENIED) severity 962903 minor tag 962903 + wontfix thanks Am 20.06.20 um 14:11 schrieb Rene Engelhard: > 2575 19:27:45.464196 openat(AT_FDCWD, "/tmp/test-tmp-ametzler/Qqf3SE", > O_RDONLY) = -1 EACCES (Permission denied) > I wonder about that /tmp/test-tmp-ametzler. > > > The apparmor rules might just allow /tmp/*, not /tmp/something/*. profile libreoffice-xpdfimport /usr/lib/libreoffice/program/xpdfimport { #include <abstractions/base> owner /tmp/* r, #Seems to need to read file created with pattern /tmp/RRRRRR owner /tmp/lu** rw, #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random #Note, usually it's lub or luc, don't know why. [...] > Ah, yes: > > Indeed, if I set TMPDIR=/tmp/test I get that > > "This PDF file is encrypted and can't be opened". > > > dmesg shows e.g.: > > "[ 692.0171072] audit: type=1400 audit(159265461.660:88): apparmor="DENIED" > opereation="open" profile="libreoffice-xpdfimport" name="/tmp/test/4DyliY" > pid=2661 comm="xpdfimport" requested_mask="r" denied_masj="r" fsuid=1000 > ouid=1000" > > And indeed, if I set that profile to complain only it works. Based on that and the last sentence changing the status and marking this as wontfix.# Regards, Rene