Public bug reported: libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages. i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https://bugs.documentfoundation.org/show_bug.cgi?id=119811 , https://weekly-geekly.github.io/articles/357692/index.html . do you agree with this? then there should be allow rule, i think. if you do not, then should be a comment and / or deny rule.
does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions. i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords. i think this pages also can be helpful: https://stackoverflow.com/questions/45126738/what-is-cert8-db-and-key3 -db-file , https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil , these are found by googling "cert8.db key3.db". this also can be helpful: https://en.wikipedia.org/wiki/Public_key_certificate . ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1862331 Title: mozilla cert8.db and key3.db are denied by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs