Generate apparmor profiles per /sysui/desktop/share/apparmor.sh script. Note, how it longer lets LibreOffice startup. If you delete the apparmor oosplash it works fine. Even if you give very open permissions: /** rmw, /* rmw, / rmw, It still doesn't work. The apparmor audit logs doesn't say what is failing. It seems with apparmor enabled the splash screen "forgets" where it is, see strace excerpt: [pid 22837] open("tls/x86_64/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] open("tls/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] open("x86_64/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] open("libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) .... [pid 22837] stat("/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0 [pid 22837] open("/usr/lib/x86_64-linux-gnu/tls/x86_64/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) .... [pid 22837] open("/lib/tls/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] stat("/lib/tls", 0x7ffdda746460) = -1 ENOENT (No such file or directory) [pid 22837] open("/lib/x86_64/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] stat("/lib/x86_64", 0x7ffdda746460) = -1 ENOENT (No such file or directory) .... [pid 22837] stat("/usr/lib/tls", 0x7ffdda746460) = -1 ENOENT (No such file or directory) [pid 22837] open("/usr/lib/x86_64/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] stat("/usr/lib/x86_64", 0x7ffdda746460) = -1 ENOENT (No such file or directory) [pid 22837] open("/usr/lib/libsofficeapp.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 22837] stat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=36864, ...}) = 0 [pid 22837] writev(2, [{"/opt/libreofficedev5.2/program/s"..., 42}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"libsofficeapp.so", 16}, {": ", 2}, {"cannot open shared object file", 30}, {": ", 2}, {"No such file or directory", 25}, {"\n", 1}], 10/opt/libreofficedev5.2/program/soffice.bin: error while loading shared libraries: libsofficeapp.so: cannot open shared object file: No such file or directory
Additionaly, if you go the path of the exe (/opt/libreofficedev5.2/program/) it works! If you do it from anywhere else it doesn't.
Think I found a solution, will post to gerrit if so.
Posted here: https://gerrit.libreoffice.org/#/c/24043/ Next up will be to make it so all the LibreOffice tests pass while AppArmored.
Bryan Quigley committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=577fbba417454da8cd461da71fee8b97896d2497 tdf#99251 Update AppArmor Profiles It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.