Bug#907303: apparmor: libreoffice stops start with last update

2018-08-27 Thread Kamil Jońca 
Vincas Dargis  writes:

> On Sun, 26 Aug 2018 10:58:50 +0200 Kamil Jonca  wrote:
>> After last upgrade of apparmor, soffice command end with error, and in log 
>> we can see:
>>
>> 
>>  audit: type=1400 audit(1535272402.067:422): apparmor="ALLOWED"
>> operation="exec" info="profile transition not found" error=-13
>> profile="libreoffice-oopslash"
>> name="/usr/lib/libreoffice/program/soffice.bin" pid=16727
>> comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000
>> ouid=0 target="/usr/lib/libreoffice/program/soffice.bin"
>> 
>>
>> workaround is:
>> #aa-disable /etc/apparmor.d/usr.lib.libreoffice.program.oosplash
>
> Hi,
>
> I cannot reproduce that on my machine. Purged libreoffice-common (that
> contains AppArmor profiles) and reinstalled whole libreoffice, but it
> works for me. When ...soffice.bin is in complain *and* in enforce
> mode.
>
> Could it be that you had `usr.lib.libreoffice.program.soffice.bin` profile 
> disabled? Check with:
> ```
> ls /etc/apparmor.d/disable/
> ``
>
>
>

Hm. After reinstalling libreoffice-common and

alfa:~%sudo aa-enforce /etc/apparmor.d/usr.lib.libreoffice.program.oosplash

it start to work.
So it looks like bug can be closed as invalid. Sorry for the noise :(

KJ
-- 
http://wolnelektury.pl/wesprzyj/teraz/
I respect the institution of marriage.  I have always thought that every
woman should marry -- and no man.
-- Benjamin Disraeli, "Lothair"

Bug#907303: apparmor: libreoffice stops start with last update

2018-08-27 Thread Vincas Dargis 

On Sun, 26 Aug 2018 10:58:50 +0200 Kamil Jonca  wrote:

After last upgrade of apparmor, soffice command end with error, and in log we 
can see:


 audit: type=1400 audit(1535272402.067:422): apparmor="ALLOWED" operation="exec" info="profile transition not found" error=-13 
profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" pid=16727 comm="osl_executeProc" 
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/lib/libreoffice/program/soffice.bin"


workaround is:
#aa-disable /etc/apparmor.d/usr.lib.libreoffice.program.oosplash


Hi,

I cannot reproduce that on my machine. Purged libreoffice-common (that contains AppArmor profiles) 
and reinstalled whole libreoffice, but it works for me. When ...soffice.bin is in complain *and* in 
enforce mode.


Could it be that you had `usr.lib.libreoffice.program.soffice.bin` profile 
disabled? Check with:
```
ls /etc/apparmor.d/disable/
``

Bug#907303: apparmor: libreoffice stops start with last update

2018-08-26 Thread Kamil Jonca 
Package: apparmor
Version: 2.13-8
Severity: normal

After last upgrade of apparmor, soffice command end with error, and in log we 
can see:


 audit: type=1400 audit(1535272402.067:422): apparmor="ALLOWED" 
operation="exec" info="profile transition not found" error=-13 
profile="libreoffice-oopslash" name="/usr/lib/libreoffice/program/soffice.bin" 
pid=16727 comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 
ouid=0 target="/usr/lib/libreoffice/program/soffice.bin"


workaround is:
#aa-disable /etc/apparmor.d/usr.lib.libreoffice.program.oosplash


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), 
LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  libc6  2.27-5
ii  lsb-base   9.20170808
ii  python33.6.6-1

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  
ii  apparmor-utils   2.13-8

-- Configuration Files:
/etc/apparmor.d/abstractions/freedesktop.org changed:
  # system configuration
  @{system_share_dirs}/applications/{**,} r,
  @{system_share_dirs}/icons/{**,}r,
  @{system_share_dirs}/pixmaps/{**,}  r,
  # this should probably go elsewhere
  @{system_share_dirs}/mime/** r,
  # per-user configurations
  owner @{HOME}/.icons/ r,
  owner @{HOME}/.recently-used.xbel*rw,
  owner @{HOME}/.local/share/recently-used.xbel* rw,
  owner @{HOME}/.config/user-dirs.dirs  r,
  owner @{HOME}/.config/mimeapps.list   r,
  owner @{user_share_dirs}/applications/{**,} r,
  owner @{user_share_dirs}/icons/{**,}r,
  owner @{user_share_dirs}/mime/{**,} r,

/etc/apparmor.d/abstractions/kde changed:
/etc/qt3/kstylerc r,
/etc/qt3/qt_plugins_3.3rc r,
/etc/qt3/qtrc r,
/etc/kderc r,
/etc/kde3/* r,
/etc/kde4rc r,
/etc/xdg/Trolltech.conf r,
owner @{HOME}/.DCOPserver_* r,
owner @{HOME}/.ICEauthority r,
owner @{HOME}/.fonts.* lrw,
owner @{HOME}/.kde{,4}/share/config/kdeglobals rw,
owner @{HOME}/.kde{,4}/share/config/*.lock rwl,
owner @{HOME}/.qt/** rw,
owner @{HOME}/.config/Trolltech.conf rwk,
/usr/share/X11/XKeysymDB r,
/usr/lib*/kde3/plugins/styles/ r,
/usr/lib*/kde3/plugins/styles/* mr,
/usr/lib*/kde3/lib*so* mr,
/usr/lib/@{multiarch}/kde3/plugins/styles/ r,
/usr/lib/@{multiarch}/kde3/plugins/styles/* mr,
/usr/lib/@{multiarch}/kde3/lib*so* mr,
/usr/lib*/qt3/lib*/lib*so* mr,
/usr/lib*/qt3/plugins/**  mr,
/usr/lib/@{multiarch}/qt3/lib*/lib*so* mr,
/usr/lib/@{multiarch}/qt3/plugins/**  mr,
/usr/lib*/libqt-mt*so* mr,
/usr/lib*/libqui*so* mr,
/usr/lib/@{multiarch}/libqt-mt*so* mr,
/usr/lib/@{multiarch}/libqui*so* mr,
/usr/share/qt3/lib*/libqt-mt*so* mr,
/usr/share/qt3/lib*/libqui*so* mr,
/usr/lib*/kde4/plugins/*/*.so mr,
/usr/lib*/kde4/plugins/*/ r,
/usr/lib*/kde4/lib*so* mr,
/usr/lib/@{multiarch}/kde4/plugins/*/*.so mr,
/usr/lib/@{multiarch}/kde4/plugins/*/ r,
/usr/lib/@{multiarch}/kde4/lib*so* mr,
/usr/lib*/qt4/lib*/lib*so* mr,
/usr/lib*/qt4/plugins/**  mr,
/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
/usr/lib/@{multiarch}/qt4/plugins/**  mr,
/usr/share/qt4/** r,


-- debconf information:
  apparmor/homedirs: