I ran into a similar problem on Ubuntu 17.10 that I think is related to
the apparmor profile, because it appeared recently, but has gone away
with the newest release.  I have an ODT file (in my home folder) that
has no ".odt" at the end of the filename.

It has never had problems in the past (Nautilus recognizes the file type
from the contents, and launches LibreOffice, which would open the file
successfully), but suddenly it started giving me an access denied
message, which went away if I added ".odt" to the name.  Now with the
newest release, it works again without the ".odt".

Confined apps seem like a good idea, but seeing the variety of different
problems that this change has caused (and will probably cause in the
future as more apps apply confinement) makes me a bit concerned about
the overall confinement strategy in general, not just for LibreOffice.

It seems like trying to make a universal definition of what file names
and locations are appropriate for an app to access is an impossible
task.  The problem is that in a broad conceptual sense, there are sort
of three classes of files:

System Files: need to be protected from untrusted users and untrusted
apps.  OS determines names and directory structure.
App Files: owning app has full automatic access, and chooses names and
sub-directory structure.
User Files: user has full access, and chooses names and sub-directory
structure.

It seems to me that a better approach would be to give each app one
specific folder that it has completely free access to read and write
"app-owned" files, like settings, saved games (maybe
"~/.local/share/appname" or "~/Settings/Apps/appname"), and then have
specific "Trusted File Pickers" (for example, Nautilus, or a system-
provided Open/Save window) that could temporarily give the app
permission to access a specific file selected by the user.

I don't know if apparmor is capable of doing this sort of thing, but it
seems like a better general approach to app confinement.  I don't want
an untrusted application to freely read or write everything in my home
folder, potentially stealing personal information, or
deleting/encrypting my documents.  I also don't want an app to be
prevented from accessing a file that I explicitly try to open with it,
just because of where it's stored, or how the filename is formatted.

The one downside I can see for a system like I proposed is that it would
make it very hard for confined applications to provide their own custom
Open/Save windows, but I think that would be a reasonable trade-off for
having more security.

-- 
https://bugs.launchpad.net/bugs/1751005

Title:
  libreoffice cannot open a document not within $HOME

Status in libreoffice package in Ubuntu:
  Fix Released

Bug description:
  Starting with today's update to LibreOffice 5.4.5.1 40m0(Build:1),
  files not within the user $HOME directory cannot be opened. This has
  nothing to do with ownership or permissions - the target document is
  owned by the user with full permissions. Moving the file to ~/Desktop
  allows it to be opened normally.

  Error message in popup window:
    Access to /home2/mico/documents/personal/2018 lists.ods was denied.

  Error message when launched from terminal:
  $: localc "2018 lists.ods"
  javaldx: Could not find a Java Runtime Environment!
  Please ensure that a JVM and the package libreoffice-java-common is installed.
  If it is already installed then try removing ~/.libreoffice/3/user/config/javasettings_Linux_*.xml
  Warning: failed to read path from javaldx

  The file mentioned in the error message does not exist.
  I removed the corresponding file under ~/.libreoffice/4/ but that makes no
  difference.

  This bug started in Ubuntu 18.04 (alpha) around Feb. 15, and with
  today's update (Feb. 22) it appeared in Ubuntu 17.10.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: libreoffice-core 1:5.4.5-0ubuntu0.17.10.1
  ProcVersionSignature: Ubuntu 4.13.0-36.40-generic 4.13.13
  Uname: Linux 4.13.0-36-generic x86_64
  ApportVersion: 2.20.7-0ubuntu3.7
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Feb 22 09:35:49 2018
  InstallationDate: Installed on 2018-01-27 (25 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20180105.1)
  SourcePackage: libreoffice
  UpgradeStatus: No upgrade log present (probably fresh install)
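
The following is an added example, not part of the bug thread and not code from AppArmor or LibreOffice. It models the scheme proposed in the comment above (one app-owned folder plus temporary per-file grants from a trusted picker) next to a path-pattern check, so the two failure cases in this thread can be compared. The home directory `/home/mico`, the pattern rules, and the names `GrantBroker`, `picker_grant` and `canon` are assumptions made for the illustration.

```python
import fnmatch
import os
import time

HOME = "/home/mico"  # assumed home directory for this example
# Constructed path rules; NOT the real LibreOffice AppArmor profile.
PATTERN_RULES = [HOME + "/*.odt", HOME + "/*.ods"]


def canon(path):
    """Make path absolute (relative to HOME) and collapse '..' segments.
    A real broker would also have to resolve symlinks."""
    return os.path.normpath(os.path.join(HOME, path))


def pattern_allows(path):
    """Path-based confinement: the answer depends on name and location."""
    return any(fnmatch.fnmatchcase(canon(path), r) for r in PATTERN_RULES)


class GrantBroker:
    """Hypothetical model of the proposal: one app-owned folder plus
    per-file grants that only a trusted picker can issue."""

    def __init__(self, app, ttl=300.0, clock=time.monotonic):
        self.app_dir = os.path.join(HOME, ".local/share", app)
        self.ttl = ttl
        self.clock = clock
        self.grants = {}  # canonical path -> expiry timestamp

    def picker_grant(self, path):
        """Called by the trusted picker after the user selects a file."""
        self.grants[canon(path)] = self.clock() + self.ttl

    def allows(self, path):
        real = canon(path)
        if os.path.commonpath([real, self.app_dir]) == self.app_dir:
            return True  # app-owned files are always accessible
        expiry = self.grants.get(real)
        return expiry is not None and self.clock() < expiry  # temporary grant
```

In this model the decision for a user file depends only on whether the user picked it, so a missing extension or a location outside the home directory does not change the outcome.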
