Libreoffice snap cannot read files from /tmp directory

[mind-bending-forks]

Problem

Libreoffice snap cannot read files from the /tmp directory. Running libreoffice /tmp/some-file-that-exists.docx from the command line results in libreoffice being launched and then reporting

before closing again when you hit OK - even though the file does exist and is readable by the current user. The syslog indicates that apparmor is intervening to block this.

It is not possible to open files from a web browser, mail client, or other applications that save documents to /tmp, since the same thing occurs. I have only encountered this problem since switching to the snap version of libreoffice, so presume it's an issue with the snap configuration and how it interacts with apparmor.

I've checked whether there are other snap interfaces available I could connect to for libreoffice to overcome this, but the only ones the libreoffice snap provides and is not already connected to are bluez and cups-control, and they are unrelated.

For info, I'm also having problems working with files on samba shares using the snap package, which I wasn't having before that. With the snap package, I can only obtain read-only access to files on a samba share. I haven't investigated yet, but I suspect the cause of the problem may be similar, but this time relating to /run/user/<uid>/gvfs/... rather than /tmp.

Details

(I've obfuscated some system-specific information in the output below.)

Syslog output:

Jul 13 09:19:57 user-machine systemd[5016]: Started snap.libreoffice.libreoffice.########-####-####-####-############.scope.
Jul 13 09:20:03 user-machine dbus-daemon[5034]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/libreoffice" interface="org.freedesktop.DBus.Properties" member="GetAll" name=":1.25" mask="receive" pid=43974 label="snap.libreoffice.libreoffice" peer_pid=5150 peer_label="unconfined"
Jul 13 09:20:03 user-machine kernel: [ 3001.164950] audit: type=1400 audit(1689236403.590:234): apparmor="DENIED" operation="connect" profile="snap.libreoffice.libreoffice" name="/run/cups/cups.sock" pid=43974 comm=435550534D616E6167657220637570 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Jul 13 09:20:04 user-machine kernel: [ 3001.746933] audit: type=1326 audit(1689236404.174:235): auid=1000 uid=1000 gid=1000 ses=3 subj=snap.libreoffice.libreoffice pid=43974 comm="configmgrWriter" exe="/snap/libreoffice/279/lib/libreoffice/program/soffice.bin" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f0386532c1b code=0x50000

cat /etc/lsb-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"

snap list libreoffice

Name         Version  Rev  Tracking       Publisher   Notes
libreoffice  7.5.4.2  279  latest/stable  canonical✓  -

snap connections libreoffice

Interface               Plug                                Slot                            Notes
audio-playback          libreoffice:audio-playback          :audio-playback                 -
bluez                   libreoffice:bluez                   -                               -
content[gnome-42-2204]  libreoffice:gnome-42-2204           gnome-42-2204:gnome-42-2204     -
content[gtk-3-themes]   libreoffice:gtk-3-themes            gtk-common-themes:gtk-3-themes  -
content[icon-themes]    libreoffice:icon-themes             gtk-common-themes:icon-themes   -
content[sound-themes]   libreoffice:sound-themes            gtk-common-themes:sound-themes  -
cups-control            libreoffice:cups-control            -                               -
desktop                 libreoffice:desktop                 :desktop                        -
desktop-legacy          libreoffice:desktop-legacy          :desktop-legacy                 -
gsettings               libreoffice:gsettings               :gsettings                      -
home                    libreoffice:home                    :home                           -
network                 libreoffice:network                 :network                        -
network-bind            libreoffice:network-bind            :network-bind                   -
opengl                  libreoffice:opengl                  :opengl                         -
pulseaudio              libreoffice:pulseaudio              :pulseaudio                     -
removable-media         libreoffice:removable-media         :removable-media                -
screen-inhibit-control  libreoffice:screen-inhibit-control  :screen-inhibit-control         -
unity7                  libreoffice:unity7                  :unity7                         -
wayland                 libreoffice:wayland                 :wayland                        -
x11                     libreoffice:x11                     :x11                            -

which libreoffice

/snap/bin/libreoffice

ls -l / | grep tmp

drwxrwxrwt  20 root root      20480 Jul 13 09:20 tmp

ls -l /tmp/some-file-that-exists.docx

-r-------- 1 currentuser currentuser 42535 Jul 13 09:18 /tmp/some-file-that-exists.docx