Indeed even a minimalistic python application reads pyconfig.h so adding something like this to abstractions/python would be a very good idea:
/usr/include/python2.[4567]/pyconfig.h r, -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.net/bugs/840734 Title: abstractions/python not including /usr/include/python folders Status in AppArmor Linux application security framework: New Bug description: Binary package hint: apparmor How to find: hani@JustD:~$ cat /home/hani/myapp #! /usr/bin/python hani@JustD:~$ sudo aa-autodep /home/hani/myapp hani@JustD:~$ chmod +x myapp hani@JustD:~$ ./myapp hani@JustD:~$ sudo aa-logprof home.hani.myapp Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Complain-mode changes: Profile: /home/hani/myapp Path: /usr/include/python2.7/pyconfig.h Mode: r Severity: unknown abstractions/python doesn't include the python folders in /usr/include. These are: /usr/include/python2.6 /usr/include/python2.6_d /usr/include/python2.7 /usr/include/python2.7_d /usr/include/python3.1 /usr/include/python3.2mu Fix: Adding /usr/include/python{2,3}.[0-7]*/** r, to /etc/apparmor.d/abstractions/python I've attached a diff for that. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/840734/+subscriptions -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
