Opening DOC, DOCX or ODT in LibreOffice triggers "large window" notification

[eloquence]

Environment

• Qubes staging env running RPM 0.4.0, Client 20200709-nightly against SD staging server running SD 1.4.1.
• ThinkPad T480, screen resolution 1920x1080

STR:

1. Submit the ODT file contained in odt.zip as a source
2. Sync with that SecureDrop instance using the SecureDrop Client
3. Attempt to download, decrypt and open the file using the SecureDrop Client

Expected behavior:

The ODT file opens normally in a LibreOffice disposable VM

Actual behavior:

Scary "very large window" notification is shown, then the ODT file is opened in LibreOffice (full window size).

[eloquence]

I've not been able to reproduce this with non-LibreOffice file types yet (PDF, JPG, ZIP). Very curious if others can repro.

[rmol]

I have seen this warning in other contexts, while not using the client or LibreOffice. I think it might only have happened when I switched from my external monitor to the internal display though. I'll see if I can cause it deliberately today.

[emkll]

I can reliably reproduce this message with a .docx file as well, on a machine using the current production template (built on 20200214. It is not a regression introduced by the new template but perhaps some upstream changes #579

[eloquence]

@marmarek We're seeing this message now with standard LibreOffice document open operations. We'll look into upstream changes, but curious if you're aware of simple mitigation steps we can take to avoid triggering this notification, which is likely to be very confusing for less technical journalist users.

[eloquence]

Still an issue (noticing this during QA for 0.5.0), we should try to resolve as this warning may suggest malware or other malfeasance during normal use of LibreOffice as a viewer.

[eloquence]

(Still an issue on Qubes 4.0, haven't tested in 4.1 yet.)

[conorsch]

Looks like there's a guid.conf setting we can toggle off: https://github.com/QubesOS/qubes-gui-daemon/pull/41/files#diff-4ddf4267f83a661ef30734f18045fb5ebaa82ab478eaf0119bf1f5a0eef812fbR7 That should resolve.

[marmarek]

Note in R4.1, you set guid.conf options via qvm-features: https://dev.qubes-os.org/projects/core-admin-client/en/latest/manpages/qvm-features.html#gui-gui-default (can be set on dom0 too, to affect all VMs that you use GUI in dom0 for).

[marmarek]

I'm not sure what part of LibreOffice triggers it (some splash screen?), but generally this protection is useful thing. For example Zoom tries to create overlay for the whole screen if you do screen share. Without this protection, it can effectively prevent you clicking anywhere...

Maybe we need an option to disable the notification, but keep the feature enabled? Currently it's once per VM start.

[conorsch]

In our case, LibreOffice is running in a DispVM, so the once-per-VM-start effectively becomes "every single time." Configuring via features for 4.1 sounds like the right fit for us, thanks @marmarek!

[zenmonkeykstop]

This should be easy to apply on the 4.2 workstation. Keeping in backlog