Why would such sensitive software as LibreOffice, which is particularly
exposed (because it's used to open externally provided documents), by
default grant access to private keys (which are usually one of the most
sensitive parts of the system)?

It's the exact opposite of AppArmor's purpose: a complex/exposed piece of
software having access to a sensitive, well-identified private file.
The convenience/security trade-off (and the use-case/typical-user
modelling) seems slightly off.

IMHO ~/.gnupg shouldn't be readable by default, but the AppArmor profile
should be made in such a way that it can be easily enabled for users
actually signing their documents with GnuPG.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092

Title:
  libreoffice doesn't list gpg private key for a digital signature due
  to apparmor

Status in libreoffice package in Ubuntu:
  Fix Released
Status in libreoffice source package in Focal:
  Confirmed
Status in libreoffice source package in Groovy:
  Fix Released
Status in libreoffice source package in Hirsute:
  Fix Released

Bug description:
  LibreOffice should be able to digitally sign a document with a GPG
  private key in the GPG key chain. However, the key is not listed in
  the list of certificates shown following the menu File - Digital
  Signatures - Digital Signatures... - Sign Document..., after, e.g.,
  creating and saving a document on LibreOffice Writer.

  This seems to be because AppArmor doesn't allow LibreOffice to
  communicate with the GPG agent. /var/log/syslog shows lines like:

  Jul  1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001

  Locally, I could make LibreOffice show the GPG private key with the
  following change against
  /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin

  --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin       
2019-10-03 10:31:21.000000000 -1000
  +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin        2020-07-02 
08:59:44.516754728 -1000
  @@ -223,6 +223,7 @@
   
       owner @{HOME}/.gnupg/* r,
       owner @{HOME}/.gnupg/random_seed rk,
  +    owner /{,var/}run/user/*/** rw,
     }
   
     # probably should become a subprofile like gpg above, but then it doesn't
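Review bot: the added rule `owner /{,var/}run/user/*/** rw,` is far broader than the denial it fixes. The audit line shows one `connect` to `/run/user/1001/gnupg/S.gpg-agent`, but `**` grants the gpg subprofile read/write on every owner-matching file and socket under the per-user runtime directory, which is shared with other session services and is not specific to GnuPG. Narrow it to the socket actually required, e.g. `owner /{,var/}run/user/*/gnupg/S.gpg-agent rw,`, and add a comment naming gpg-agent as the reason so the rule is not widened again later.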

  Tested with the following packages on Xfce4
  $ lsb_release -rd
  Description:  Ubuntu 20.04 LTS
  Release:      20.04
  $ apt-cache policy libreoffice-common | grep Installed
    Installed: 1:6.4.3-0ubuntu0.20.04.1
  $ apt-cache policy gpg gpg-agent | grep -B1 Installed
  gpg:
    Installed: 2.2.19-3ubuntu2
  --
  gpg-agent:
    Installed: 2.2.19-3ubuntu2
  $ apt-cache policy apparmor | grep Installed
    Installed: 2.13.3-7ubuntu5.1
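The denial in the syslog line above maps to a much narrower rule than the one granted in the diff. As an added illustration, not code from the bug report or from the libreoffice or apparmor packages, this Python script parses apparmor="DENIED" audit lines, proposes the narrowest file rule per (sub)profile by generalising only the uid component of /run/user/<uid>/, and then compares the reach of that rule with the `/{,var/}run/user/*/**` rule from the diff using a small glob matcher. The sample log is constructed (its first line is the one quoted in the report, re-joined onto one line; the second is made up to show that non-denial lines are ignored), and the regex-based glob matcher covers only the `*`, `**` and `{a,b}` forms used here.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample input: the denial quoted in the bug report (re-joined onto one line) plus a
# second, made-up line that is not a denial, to show the filter ignores it.
SAMPLE_LOG = """\
Jul  1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001
Jul  1 15:15:20 misoan kernel: [20244.100000] audit: type=1400 audit(1593652520.000:340): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libreoffice-soffice" pid=23800 comm="apparmor_parser"
"""

# key="quoted value" or key=bareword, as written by the kernel audit subsystem
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Leading component of a per-user runtime directory (both spellings of /run)
RUNTIME_DIR_RE = re.compile(r"^/(?:var/)?run/user/(\d+)/")


class Denial(NamedTuple):
    profile: str
    operation: str
    name: str
    mask: str
    fsuid: str
    ouid: str


def parse_denials(log: str) -> List[Denial]:
    """Extract the fields we need from every apparmor="DENIED" audit line."""
    denials = []
    for line in log.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        kv = {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}
        denials.append(Denial(kv["profile"], kv["operation"], kv["name"],
                              kv["denied_mask"], kv["fsuid"], kv.get("ouid", "")))
    return denials


def minimal_rule(d: Denial) -> str:
    """Narrowest file rule that satisfies one denial: keep the path literal and generalise
    only the uid component of /run/user/<uid>/ so the rule works for any account."""
    path = d.name
    m = RUNTIME_DIR_RE.match(path)
    if m:
        path = "/{,var/}run/user/*/" + path[m.end():]
    # 'owner' limits the rule to files owned by the confined process's uid; the denial
    # shows fsuid == ouid, so the narrower form is sufficient.
    owner = "owner " if d.fsuid == d.ouid else ""
    mask = "".join(sorted(set(d.mask)))  # "wr" -> "rw"; order is irrelevant to AppArmor
    return f"{owner}{path} {mask},"


def proposed_rules(log: str) -> Dict[str, List[str]]:
    """Group minimal rules by the (sub)profile that was denied."""
    rules: Dict[str, set] = {}
    for d in parse_denials(log):
        rules.setdefault(d.profile, set()).add(minimal_rule(d))
    return {profile: sorted(r) for profile, r in rules.items()}


def apparmor_glob_to_regex(glob: str) -> "re.Pattern[str]":
    """Translate the subset of AppArmor path globbing used here: '*' (anything but '/'),
    '**' (anything, including '/') and one level of {a,b} alternation. Nested braces are
    not handled."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        elif glob[i] == "{":
            j = glob.index("}", i)
            alts = glob[i + 1:j].split(",")
            out.append("(?:" + "|".join(re.escape(a) for a in alts) + ")")
            i = j + 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def rule_matches(rule_path: str, path: str) -> bool:
    """Does the path pattern of an AppArmor file rule cover a concrete path?"""
    return apparmor_glob_to_regex(rule_path).match(path) is not None


if __name__ == "__main__":
    for profile, rules in proposed_rules(SAMPLE_LOG).items():
        print(profile)
        for r in rules:
            print("   ", r)
    # Compare the reach of the rule from the bug report's diff with the minimal one on a
    # second, constructed socket path that lives in the same runtime directory.
    broad, narrow = "/{,var/}run/user/*/**", "/{,var/}run/user/*/gnupg/S.gpg-agent"
    for p in ("/run/user/1001/gnupg/S.gpg-agent", "/run/user/1001/bus"):
        print(p, "broad:", rule_matches(broad, p), "narrow:", rule_matches(narrow, p))
```

Running it prints one rule for the `libreoffice-soffice//gpg` subprofile and shows that the broad pattern also covers an unrelated socket in the runtime directory while the narrow one does not. The uid generalisation is the only liberty the generator takes; any other path is emitted literally, so the output is a starting point for the profile author, not a rule to paste in unread.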
