Comment 3 for bug 1863151

messages when opening a file:

several lines of type

Jul 8 09:28:31 dinar-comp kernel: [436272.154664] audit: type=1400 audit(1594189711.176:1784): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name=.... pid=194987 comm="pool-soffice" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

with file names in /home/dinar/Загрузки/ with different extensions, which are not allowed for libreoffice. is it possible to hide this messages with audit deny?

messages when saving a file:

Jul 8 09:29:25 dinar-comp kernel: [436326.363734] audit: type=1400 audit(1594189765.369:1806): apparmor="ALLOWED" operation="mknod" profile="libreoffice-soffice" name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70 pid=194987 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Jul 8 09:29:25 dinar-comp kernel: [436326.363772] audit: type=1400 audit(1594189765.369:1807): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70 pid=194987 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
Jul 8 09:29:25 dinar-comp kernel: [436326.364023] audit: type=1400 audit(1594189765.369:1808): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70 pid=194987 comm="soffice.bin" :

the code decoded is /home/dinar/Загрузки/lu194987czdv6h.tmp

there is this corresponding rule in /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin :

owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used when saving

with man apparmor.d i see:

{ab,cd} will expand to one rule to match ab, one rule to match cd

so, the rule allows only 10 or 11 chars after lu, before dot, but there is 12.