retitle 959399 libreoffice-common: many AppArmor "ALLOWED" log messages if using "non-standard" $HOME severity 959399 minor tag 959399 + wontfix thanks
On Fri, May 01, 2020 at 06:00:46PM -0500, E Harris wrote: > Using LibreOffice results in many AppArmor audit log messages marked as > "ALLOWED". > These messages repeat many times during normal use of the app, resulting in > quite a bit of log spam. > > Perhaps this is the result of the user's home directory being mounted in an > alternate location? Yes, and to be honest, if you change that dir you need to change all profiles referencing $HOME to allow it. Here you can be just glad it works because the profile is in complain mode, if it wasn't this wouldn't work at all... One simply cannot allow any path as this would simply defeat the purpose. > > A small sampling of messages (obfuscated): > > May 1 17:19:49 host kernel: [ 9201.656675] audit: type=1400 > audit(1588371589.713:822): apparmor="ALLOWED" operation="mknod" > profile="libreoffice-soffice" > name="/raid/home/user/.config/libreoffice/4/user/GpDXp7" pid=16453 > comm="configmgrWriter" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 why /raid as extra mountpoint and not /home directly or / directly or if that's not intended some bind mounts to have /home on a "known" location? So that stuff like this doesn't knowingly break? Or is that the case? I am honestly not sure whether there's something to do there at all - except for the admin of the system to adapt the profile to the setuo of the system. Regards, Rene
