Bug 114915 - Apparmor profiles contain invalid comments in variable assignments
Summary: Apparmor profiles contain invalid comments in variable assignments
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
5.4.3.2 release
Hardware: All Linux (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard: target:6.1.0 target:6.0.2 target:6.2.0
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-08 15:36 UTC by Olivier Tilloy
Modified: 2018-08-10 07:10 UTC (History)
0 users

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Tilloy 2018-01-08 15:36:07 UTC 
Description:
(originally reported as https://launchpad.net/bugs/1741581)

Nibaldo González has reported that the LibreOffice AppArmor profile has mistakes in it:

https://lists.ubuntu.com/archives/apparmor/2018-January/011418.html

> In this case, AppArmor grants write and read permissions to files with
> extension: '.#.txt', '.#All', '.the', '.format', '.#.xml', '.and',
> etc. Clearly, the profile must be fixed.

From a quick look at all the profiles, only program.soffice.bin appears to be affected.

Steps to Reproduce:
see downstream bug report: https://launchpad.net/bugs/1741581

Actual Results:  
The apparmor profile allows access to unexpected files, such as *.the and *.and under $HOME.

Expected Results:
The apparmor profile should not allow access to files named *.the or *.and under $HOME.


Reproducible: Always


User Profile Reset: No



Additional Info:


User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.40 Safari/537.36
Comment 1 Commit Notification 2018-01-13 10:02:47 UTC 
Olivier Tilloy committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=35ad7482af49ab80d348b619b6d420ee170d3e5d

tdf#114915 Apparmor profile update (invalid comments syntax)

It will be available in 6.1.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 2 Commit Notification 2018-02-22 22:23:30 UTC 
Olivier Tilloy committed a patch related to this issue.
It has been pushed to "libreoffice-6-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=1ee5162cd58f61d645d72e51113fe4645e8629eb&h=libreoffice-6-0

tdf#114915 Apparmor profile update (invalid comments syntax)

It will be available in 6.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 3 Commit Notification 2018-08-10 07:10:24 UTC 
Rene Engelhard committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d0841a1828dad5d9aa1ce92b234092e9b1180d31

test apparmor profile parsing (see tdf#114915)

It will be available in 6.2.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.