[Libreoffice-bugs] [Bug 117922] libreoffice fails when launched with no_new_privs, due to AppArmor
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Wed Aug 29 16:35:29 UTC 2018
https://bugs.documentfoundation.org/show_bug.cgi?id=117922
--- Comment #5 from Xisco FaulĂ <xiscofauli at libreoffice.org> ---
I asked Vincas Dargis by email. This is his answer:
I believe there was already some issues with other applications due to
no_new_privs. There was discussion some time ago [0] where it was informed that
only `ix` mode works with no_new_privs.
If I change profile to make `javaldx` launched in "ix" mode (child mode Cx does
not work too) and add additional rule to make `javaldx` itself succeed,
launching LO still fails:
type=AVC msg=audit(1535559666.175:887): apparmor="DENIED" operation="exec"
info="no new privs" error=-1 profile="libreoffice-oopslash"
name="/usr/lib/libreoffice/program/soffice.bin" pid=10357
comm="osl_executeProc" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
target="libreoffice-soffice"
`px` into ..soffice.bin profile does not work.
I would suggest to ask help from AppArmor experts in mailing list [1]. So not
sure how `oopslash` could launch libreoffice...
[0] https://lists.ubuntu.com/archives/apparmor/2017-October/011142.html
[1] https://lists.ubuntu.com/mailman/listinfo/apparmor/
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20180829/d800395c/attachment.html>
More information about the Libreoffice-bugs
mailing list