https://developer.ubuntu.com/en/start/platform/guides/online-accounts-developer-guide/ and
https://developer.ubuntu.com/en/start/platform/guides/app-confinement/
probably need an update now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubu
** Changed in: developer-ubuntu-com
Importance: Undecided => High
** Changed in: developer-ubuntu-com
Status: New => Confirmed
--
** Also affects: developer-ubuntu-com
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1219644
Title:
Account plugins should be made confinable by apparmor
** Changed in: click-reviewers-tools
Status: In Progress => Fix Released
--
These latest issues are now being tracked in bug #1468792.
--
** Changed in: click-reviewers-tools
Status: Confirmed => In Progress
--
Also, if I allow this access in the profile, then the next denial is:
Jun 24 17:12:00 ubuntu-phablet kernel: [44546.645041] type=1400
audit(1435183920.324:495): apparmor="DENIED" operation="mknod"
profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0"
name="/home/phablet/.cache/QML
Also, why is it trying to create
/home/phablet/.cache/QML/Apps/online-accounts-ui/? We agreed it should be
using @{HOME}/.cache/online-accounts-ui/ which is what the apparmor policy
allows (i.e., QML/Apps is inserted in the path and this isn't allowed by the
profile).
--
>> * the account plugin is trying to create
>> /home/phablet/.cache/online-accounts-ui/ -- this should be created on the
>> account plugin's behalf
> Indeed, I'll make sure that this is created before the plugin is
> executed.
This is still not fixed:
Jun 24 17:02:55 ubuntu-phablet kernel: [44001.684473
** Changed in: ubuntu-system-settings-online-accounts
Status: Confirmed => Fix Released
--
This bug was fixed in the package ubuntu-system-settings-online-accounts
- 0.6+15.04.20150319-0ubuntu1
---
ubuntu-system-settings-online-accounts (0.6+15.04.20150319-0ubuntu1) vivid;
urgency=medium
[ Alberto Mardegan ]
* Merge from upstream
- Add account data as search keywor
Regarding the /tmp access-- I'm guessing that TMPDIR is not being set by
the process launching the confined plugin. It can be set to one of the
writable directories in the 1.3.4 policy; I suggest
/run/user/$USER/online-accounts-ui/@{APP_PKGNAME}_@{APP_APPNAME}/ since it is in /run
and will be clea
** Branch linked: lp:~mardy/ubuntu-system-settings-online-accounts/lp1219644-cont
--
On 02/03/2015 11:28 PM, Jamie Strandboge wrote:
> I started playing with this and have a few observations:
> * the account plugin is trying to access /proc//attr/current - should
> this be explicitly denied to silence the denial?
No, I think that this happens because the account plugin code is ca
Reopening for ubuntu-system-settings-online-accounts, since we still
have some work to do.
** Changed in: ubuntu-system-settings-online-accounts
Status: Fix Released => Confirmed
** Changed in: ubuntu-system-settings-online-accounts (Ubuntu)
Status: Fix Released => Confirmed
--
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.3.4
---
apparmor-easyprof-ubuntu (1.3.4) vivid; urgency=medium
[ Alberto Mardegan ]
* ubuntu/accounts: explicitly deny access to the p2p socket. This will now be
available only to unconfined apps to support a truste
** Branch linked: lp:ubuntu/vivid-proposed/apparmor-easyprof-ubuntu
--
Using this for the evernote-account-plugin.apparmor:
{
"template": "ubuntu-account-plugin",
"policy_groups": [
"accounts",
"audio",
"networking",
"webview"
],
"policy_version": 1.2
}
with apparmor-easyprof-ubuntu 1.3.4 (pending upload), I can success
I started playing with this and have a few observations:
* the account plugin is trying to access /proc//attr/current - should this
be explicitly denied to silence the denial?
* the account plugin is trying to create
/home/phablet/.cache/online-accounts-ui/ -- this should be created on the
accou
Also, something isn't honoring and/or setting TMPDIR, since I'm seeing denials
like this:
Feb 3 21:32:09 ubuntu-phablet kernel: [ 5292.570730] type=1400
audit(1422999129.043:411): apparmor="DENIED" operation="mknod"
profile="com.ubuntu.reminders_evernote-account-plugin_0.5.latest"
name="/tmp/e
Jamie, I've been using this:
http://mardy.it/archivos/com.ubuntu.reminders_0.5.latest_armhf.click
--
The approach to take is to create an 'ubuntu-account-plugin' template.
Mardy, do you have an example click I could use to test exactly what is
needed?
--
** Branch unlinked: lp:~online-accounts/ubuntu-system-settings-online-accounts/master
--
** Changed in: ubuntu-system-settings-online-accounts
Status: In Progress => Fix Released
--
This bug was fixed in the package ubuntu-system-settings-online-accounts
- 0.6+15.04.20150116-0ubuntu1
---
ubuntu-system-settings-online-accounts (0.6+15.04.20150116-0ubuntu1) vivid;
urgency=medium
[ Alberto Mardegan ]
* New upstream release
- Make sure app items are not over
** Branch linked: lp:ubuntu/vivid-proposed/ubuntu-system-settings-online-accounts
--
** Branch linked: lp:~online-accounts/ubuntu-system-settings-online-accounts/master
--
** Branch linked: lp:~mardy/ubuntu-system-settings-online-accounts/click-plugins
--
Latest version:
owner /{,var/}run/user/*/online-accounts-ui/ui-*-@{APP_PKGNAME}_@{APP_APPNAME} rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/ rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/** mrwkl,
dbus (send)
bus=
I can create an evernote account with these rules:
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/ rw,
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/** mrwkl,
dbus (send)
bus=session
path="/com/google/code/AccountsSSO/A
I'll update the bug with comments as I find new apparmor rules being required.
So, this is also required:
owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/ rw,
--
** Also affects: click-reviewers-tools
Importance: Undecided
Status: New
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Importance: Undecided => Medium
** Changed in: apparm
The attached branch is a WIP with the changes on the Online Accounts
part.
I added the apparmor-easyprof-ubuntu project to the bug because I think
we'll need some changes there:
- There should be a way to specify an apparmor policy file for an
account plugin, in the manifest file. This policy wil
** Also affects: apparmor-easyprof-ubuntu (Ubuntu)
Importance: Undecided
Status: New
** Changed in: ubuntu-system-settings-online-accounts
Status: Confirmed => In Progress
--