I might also mention on IRC the exact type of thing why we've had these rules in the profile that ship them:
[119698.000187] audit: type=1400 audit(1555405334.985:222): apparmor="DENIED" operation="exec" profile="/usr/sbin/kopano-search" name="/usr/bin/x86_64-linux-gnu-gcc-8" pid=15647 comm="kopano-search" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 We aren't going to put compiler execution into the python (or likely any other) abstraction. It is difficult because for security you only want enough access so the application can behave normally which is often at odds with access the the application needs when it crashes or behaves unexpectedly (indeed, we wrap applications with apparmor precisely to limit what they can do when behaving unexpectedly). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1824961 Title: AppArmor blocks apport python hook from working To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1824961/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
