Since the go-onlineaccounts bug task was added, I guess we are also
tracking the problems with scopes here too.
In my investigations last week, I came to the conclusion that the
problems were not limited to the Go scopes, but instead affected all
scopes running under confinement.
After digging in a bit, it isn't clear how it can be fixed without
changes to the online accounts API. The way the online accounts
integration for scopes works is:
1. the scope starts a signin session for the account service with the
"no interaction" flag set. If no token can be retrieved (either because
no account is available, or because the token isn't available), it will
push a result with a special login button.
2. When the special result is clicked by the user, the dash will
initiate the account creation process with the
OnlineAccountsClient::Setup class.
3. If the account is successfully created, the dash refreshes the
scope's results. The scope starts another signin session and finds the
new token and displays personalised results.
>From my understanding, this breaks down because it is the dash's
AppArmor label (which I guess would be unconfined) that gets added to
the ACL for the account service. What would be needed here would be
some kind of API the dash could use to ask for a second AppArmor label
to be added to the ACL.
** Changed in: go-onlineaccounts
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-system-settings-
online-accounts in Ubuntu.
https://bugs.launchpad.net/bugs/1376445
Title:
Addition of signon-apparmor-extension causes token lookup problems
Status in go-onlineaccounts:
Incomplete
Status in The Savilerow project:
Invalid
Status in ACL for signond, AppArmor backend:
Fix Released
Status in Online Accounts setup for Ubuntu Touch:
In Progress
Status in “ubuntu-system-settings-online-accounts” package in Ubuntu:
In Progress
Status in “ubuntuone-credentials” package in Ubuntu:
Confirmed
Status in “signon-apparmor-extension” package in Ubuntu RTM:
Triaged
Status in “ubuntuone-credentials” package in Ubuntu RTM:
Confirmed
Bug description:
As of image ~264 of ubuntu-touch, the signon-apparmor-extension
package is included. As a result, apps like pay-ui cannot find the
token any longer, and are not being notified that they are not allowed
to access the token. The following error appears in the payui log
file:
2014-10-01 19:15:51,550 - DEBUG -
../../../../lib/SignOn/authsessionimpl.cpp 184 errorSlot
QDBusError("com.google.code.AccountsSSO.SingleSignOn.Error.PermissionDenied",
"Client has insuficient permissions to access the
service.Method:getAuthSessionObjectPath")
To manage notifications about this bug go to:
https://bugs.launchpad.net/go-onlineaccounts/+bug/1376445/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
