This bug was fixed in the package ubuntu-system-settings-online-accounts - 0.6+15.10.20150715-0ubuntu1
--------------- ubuntu-system-settings-online-accounts (0.6+15.10.20150715-0ubuntu1) wily; urgency=medium [ Alberto Mardegan ] * Inject the APP_ID into the child process's environment. (LP: #1468792) [ CI Train Bot ] * New rebuild forced. * Resync trunk. -- CI Train Bot <ci-train-...@canonical.com> Wed, 15 Jul 2015 11:13:52 +0000 ** Changed in: ubuntu-system-settings-online-accounts (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1468792 Title: various apparmor denials when using ubuntu-account-plugin template Status in Online Accounts setup for Ubuntu Touch: In Progress Status in apparmor-easyprof-ubuntu package in Ubuntu: Fix Released Status in click-reviewers-tools package in Ubuntu: Fix Released Status in ubuntu-system-settings-online-accounts package in Ubuntu: Fix Released Bug description: This is a new bug for the problems seen in bug #1219644. Specifically: 1. There is a denial to create this directory if it does not exist already: Jun 24 17:02:55 ubuntu-phablet kernel: [44001.684473] type=1400 audit(1435183375.362:404): apparmor="DENIED" operation="mkdir" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/home/phablet/.cache/QML/Apps/online-accounts-ui/" pid=15145 comm="QQmlThread" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011 2. If you create that directory, the next denial is not application specific (ie, it doesn't use the APP_ID): Jun 24 17:12:00 ubuntu-phablet kernel: [44546.645041] type=1400 audit(1435183920.324:495): apparmor="DENIED" operation="mknod" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/home/phablet/.cache/QML/Apps/online-accounts-ui/ea1df0af2467507eb3888f68100da073" pid=17998 comm="QQmlThread" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011 3. The apparmor policy has rules for this: owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/ rw, owner @{HOME}/.cache/online-accounts-ui/id-*-@{APP_PKGNAME}_@{APP_APPNAME}/** mrwkl, but *not* for: owner @{HOME}/.cache/QML/Apps/online-accounts-ui/.../ rw, owner @{HOME}/.cache/QML/Apps/online-accounts-ui/.../** mrwkl, It is not clear if '3' will be fixed if '2' is or if the policy will need this added after '2' is fixed: # Allow writes to application-specific QML cache directories owner @{HOME}/.cache/QML/Apps/@{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION}/ rw, owner @{HOME}/.cache/QML/Apps/@{APP_PKGNAME}_@{APP_APPNAME}_@{APP_VERSION}/** mrwkl, To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-system-settings-online-accounts/+bug/1468792/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp