Alberto, can you look at these accesses:
Sep 4 07:07:11 ubuntu-phablet kernel: [30791.811075] type=1400
audit(1378278431.009:2810): apparmor="DENIED" operation="open" parent=716
profile="com.wellsb.blackjack-app_blackjack-app_0.0.1"
name="/home/phablet/.config/libaccounts-glib/accounts.db" pid=2
Alberto, the accounts policy group
(/usr/share/apparmor/easyprof/policygroups/ubuntu/1.0/accounts) currently has:
# Description: Can use Online Accounts
dbus (receive, send)
bus=session
path=/com/google/code/AccountsSSO/SingleSignOn
interface=com.google.code.AccountsSSO.SingleSignOn
Can you attach the click package to this bug or otherwise make it
available for testing?
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Incomplete
** Also affects: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Importance: Undecided
Status: Incomplete
** Changed in: ap
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: signon (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to signon in Ubuntu.
https://bugs.launchpad.net/bugs/122055
Hi Jamie, so, there are two pieces that the accounts policy group should allow:
1) Access the signond dbus interfaces and socket (correctly done by the policy
you pasted in comment #3)
2) Allow access to the accounts DB, as in
https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfine
** Branch linked: lp:ubuntu/saucy-proposed/apparmor-easyprof-ubuntu
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libaccounts-glib in Ubuntu.
https://bugs.launchpad.net/bugs/1220552
Title:
App Armor denies access, despite appropriate
Thanks Alberto, I'll update the policy in the next apparmor-easyprof-
ubuntu upload.
** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: signon (Ubuntu Saucy)
Status: Invalid => Triaged
** Changed in: signon (Ubu
I've attached a .click you can use for testing
** Attachment added: "com.wellsb.blackjack-app_0.0.1_all.click"
https://bugs.launchpad.net/ubuntu/saucy/+source/apparmor-easyprof-ubuntu/+bug/1220552/+attachment/3802397/+files/com.wellsb.blackjack-app_0.0.1_all.click
--
You received this bug no
This is actually libaccounts-glib. It will need a change to open the
sqlite database as readonly. Marking its task as Triaged.
** Package changed: signon (Ubuntu) => libaccounts-glib (Ubuntu)
** Changed in: libaccounts-glib (Ubuntu Saucy)
Status: Won't Fix => Triaged
** No longer affects:
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.28
---
apparmor-easyprof-ubuntu (1.0.28) saucy; urgency=low
* accounts policy group: allow read access to accounts.db (LP: #1220552)
* audio policy group: allow a few more pulseaudio accesses (LP: #1220552)
* ubunt
** Changed in: signon (Ubuntu Saucy)
Status: Confirmed => Invalid
** Bug watch added: Accounts&SSO issues #199
http://code.google.com/p/accounts-sso/issues/detail?id=199
** Also affects: libaccounts-glib via
http://code.google.com/p/accounts-sso/issues/detail?id=199
Importance: Un
** Changed in: libaccounts-glib (Ubuntu Saucy)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libaccounts-glib in Ubuntu.
https://bugs.launchpad.net/bugs/1220552
Title:
App Armor denies access, de
** Attachment removed: "com.wellsb.blackjack-app_0.0.1_all.click"
https://bugs.launchpad.net/ubuntu/+source/libaccounts-glib/+bug/1220552/+attachment/3802397/+files/com.wellsb.blackjack-app_0.0.1_all.click
--
You received this bug notification because you are a member of Desktop
Packages, whi
Re-opening the apparmor-easyprof-ubuntu task since we need to allow the
write access until libaccounts-glib is fixed.
** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Desktop
Packages,
This bug was fixed in the package libaccounts-glib -
1.12+13.10.20130918.1-0ubuntu1
---
libaccounts-glib (1.12+13.10.20130918.1-0ubuntu1) saucy; urgency=low
[ Alberto Mardegan ]
* New upstream release
- Allow opening the DB in read-only mode (LP: #1220552)
Fixes: http://
** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libaccounts-glib in Ubuntu.
https://bugs.launchpad.net/bugs/1220552
Title:
App Armor denies ac
BTW, Jamie, another thing that you might need to know is that apps using
online accounts should have read access to all files under
/usr/share/accounts/{applications,services,service-types,providers}. I
think you can safely grant them read access to everything under
/usr/share/accounts/.
--
You r
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.32
---
apparmor-easyprof-ubuntu (1.0.32) saucy; urgency=low
* accounts:
- needs lock ('k') access to .config/libaccounts-glib/accounts.db and read
access to .config/libaccounts-glib/accounts.db*.
- read a
18 matches
Mail list logo
