[apparmor] [Bug 840734] Re: abstractions/python not including /usr/include/python folders

[Felix Geyer]

Indeed even a minimalistic python application reads pyconfig.h so adding
something like this to abstractions/python would be a very good idea:

/usr/include/python2.[4567]/pyconfig.h r,

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/840734

Title:
  abstractions/python not including /usr/include/python folders

Status in AppArmor Linux application security framework:
  New

Bug description:
  Binary package hint: apparmor

  How to find:

  hani at JustD:~$ cat /home/hani/myapp
  #! /usr/bin/python
  hani at JustD:~$ sudo aa-autodep /home/hani/myapp
  hani at JustD:~$ chmod +x myapp
  hani at JustD:~$ ./myapp

  hani at JustD:~$ sudo aa-logprof home.hani.myapp
  Reading log entries from /var/log/syslog.
  Updating AppArmor profiles in /etc/apparmor.d.
  Complain-mode changes:

  Profile:  /home/hani/myapp
  Path:     /usr/include/python2.7/pyconfig.h
  Mode:     r
  Severity: unknown

  
  abstractions/python doesn't include the python folders in /usr/include. These are:
  /usr/include/python2.6
  /usr/include/python2.6_d
  /usr/include/python2.7
  /usr/include/python2.7_d
  /usr/include/python3.1
  /usr/include/python3.2mu

  Fix: Adding /usr/include/python{2,3}.[0-7]*/** r,  to
  /etc/apparmor.d/abstractions/python

  I've attached a diff for that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/840734/+subscriptions