I don't know all that much about configuring AppArmor, but for what it's worth for me on Linux Mint Sylvia 18.3 (still supported, although older than your Tara 19.0) using the LibreOffice PPA for its newer versions of LibreOffice (currently 6.2.8)...
Gys wrote:
Hi,
in my Linux Mint Tara aa-status lists 3 profiles related to LibreOffice :
libreoffice-xpdfimport (enforce)
libreoffice-senddoc (enforce)
libreoffice-oopslash (complain)
I have:
libreoffice-senddoc (enforce)
libreoffice-soffice//gpg (enforce)
libreoffice-xpdfimport (enforce)
libreoffice-oopslash (complain)
libreoffice-soffice (complain)
In the kernel log libreoffice-oopslash is complaining about a lot of things.
Looking at my logs from the last week, I see a few "audit" messages relating to libreoffice-soffice and libreoffice-oopslash. Looks like a cluster of about 10 entries for libreoffice-soffice each time I start LibreOffice, with a few others for soffice and oopslash in between - but I don't tend to be using it continuously for hours on end.
Both the program and the profile in Nemo is oosplash
usr/lib/libreoffice/program/oosplash
/etc/apparmor.d/usr.lib.libreoffice.program.oosplash
Search oopslash in / in Nemo gives no results
Questions
1) Is the "p" and "s" reversal a typo ?
As mentioned at the start, I'm no expert on AppArmor, but it does look suspiciously like a typo. I guess it might only affect the displayed name of the profile though, since the executable it applies to appears to be correctly spelled "oosplash":
profile libreoffice-oopslash /usr/lib/libreoffice/program/oosplash flags=(complain) {...}
2) Why is there no profile for /usr/lib/libreoffice/program/soffice.bin ?
For me the </etc/apparmor.d/usr.lib.libreoffice.program.*> files, including one for soffice.bin, are provided by the libreoffice-common package, which I've installed from the PPA. From a quick look at the .deb packages from libreoffice.org it doesn't look like any of them contain AppArmor profiles, so I'd guess they're added by the Ubuntu/PPA package maintainer. Perhaps the PPA maintainer adds a profile for soffice.bin while the Ubuntu one doesn't.
3) Is there anyone here with a working AppArmor profile for LibreOffice and would you be so kind to share ?
I've attached the libreoffice-soffice profile installed on my system (with a .txt extension added - hopefully enough to get it through the mailing list). No guarantee it will work with your version though. It does say in comments near the top:
# This profile should enable the average LibreOffice user to get their # work done while blocking some advanced usage
# ...
so I guess some complaints in "complain" mode may be expected.
4) I looked on-line but could not find an updated AppArmor profile for LibreOffice or even the profile shipped with Version: 6.0.7.3
Build ID: 1:6.0.7-0ubuntu0.18.04.10 (?)
I've no idea who actually maintains them. From a quick look, it doesn't look like any of the .deb files downloaded from libreoffice.org contains AppArmor profiles, so I'm guessing they're added by the Ubuntu/PPA package maintainer.
usr.lib.libreoffice.program.soffice.bin.txt (10.4 KB)
![[TEST] Document Foundation Community](https://communitytest.documentfoundation.org/images/discourse-logo-sketch.png){kind=logo}