Libreoffice snap cannot read files from /tmp directory #31
Description
Problem
Libreoffice snap cannot read files from the /tmp directory. Running libreoffice /tmp/some-file-that-exists.docx from the command line results in libreoffice being launched and then reporting
before closing again when you hit OK - even though the file does exist and is readable by the current user. The syslog indicates that apparmor is intervening to block this.
It is not possible to open files from a web browser, mail client, or other applications that save documents to /tmp, since the same thing occurs. I have only encountered this problem since switching to the snap version of libreoffice, so presume it's an issue with the snap configuration and how it interacts with apparmor.
I've checked whether there are other snap interfaces available I could connect to for libreoffice to overcome this, but the only ones the libreoffice snap provides and is not already connected to are bluez and cups-control, and they are unrelated.
For info, I'm also having problems working with files on samba shares using the snap package, which I wasn't having before that. With the snap package, I can only obtain read-only access to files on a samba share. I haven't investigated yet, but I suspect the cause of the problem may be similar, but this time relating to /run/user/<uid>/gvfs/... rather than /tmp.
Details
(I've obfuscated some system-specific information in the output below.)
Syslog output:
Jul 13 09:19:57 user-machine systemd[5016]: Started snap.libreoffice.libreoffice.########-####-####-####-############.scope.
Jul 13 09:20:03 user-machine dbus-daemon[5034]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/libreoffice" interface="org.freedesktop.DBus.Properties" member="GetAll" name=":1.25" mask="receive" pid=43974 label="snap.libreoffice.libreoffice" peer_pid=5150 peer_label="unconfined"
Jul 13 09:20:03 user-machine kernel: [ 3001.164950] audit: type=1400 audit(1689236403.590:234): apparmor="DENIED" operation="connect" profile="snap.libreoffice.libreoffice" name="/run/cups/cups.sock" pid=43974 comm=435550534D616E6167657220637570 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Jul 13 09:20:04 user-machine kernel: [ 3001.746933] audit: type=1326 audit(1689236404.174:235): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.libreoffice.libreoffice pid=43974 comm="configmgrWriter" exe="/snap/libreoffice/279/lib/libreoffice/program/soffice.bin" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f0386532c1b code=0x50000
cat /etc/lsb-releaseDISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"
snap list libreofficeName Version Rev Tracking Publisher Notes
libreoffice 7.5.4.2 279 latest/stable canonical✓ -
snap connections libreofficeInterface Plug Slot Notes
audio-playback libreoffice:audio-playback :audio-playback -
bluez libreoffice:bluez - -
content[gnome-42-2204] libreoffice:gnome-42-2204 gnome-42-2204:gnome-42-2204 -
content[gtk-3-themes] libreoffice:gtk-3-themes gtk-common-themes:gtk-3-themes -
content[icon-themes] libreoffice:icon-themes gtk-common-themes:icon-themes -
content[sound-themes] libreoffice:sound-themes gtk-common-themes:sound-themes -
cups-control libreoffice:cups-control - -
desktop libreoffice:desktop :desktop -
desktop-legacy libreoffice:desktop-legacy :desktop-legacy -
gsettings libreoffice:gsettings :gsettings -
home libreoffice:home :home -
network libreoffice:network :network -
network-bind libreoffice:network-bind :network-bind -
opengl libreoffice:opengl :opengl -
pulseaudio libreoffice:pulseaudio :pulseaudio -
removable-media libreoffice:removable-media :removable-media -
screen-inhibit-control libreoffice:screen-inhibit-control :screen-inhibit-control -
unity7 libreoffice:unity7 :unity7 -
wayland libreoffice:wayland :wayland -
x11 libreoffice:x11 :x11 -
which libreoffice/snap/bin/libreoffice
ls -l / | grep tmpdrwxrwxrwt 20 root root 20480 Jul 13 09:20 tmp
ls -l /tmp/some-file-that-exists.docx-r-------- 1 currentuser currentuser 42535 Jul 13 09:18 /tmp/some-file-that-exists.docx