[Pkg-privacy-maintainers] Bug#981817: Bug#981817: onioncircuits: Permission denied: '/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info'

nodens nodens at debian.org
Wed Feb 10 11:26:35 GMT 2021


On 10/02/2021 11:02, Ulrike Uhlig wrote:
> Hi!
> 
> On 10.02.21 00:18, Jonathan Marquardt wrote:
>> On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote:
>>> On 04/02/2021 13:04, Jonathan Marquardt wrote:
>>>> On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote:
> 
>> However I found out that it always works (on all of my systems) if I
>> launch onioncircuits with the command:
>>
>> $ python3 /usr/bin/onioncircuits
>>
>> I have no idea why.
> 
> Could this be related to AppArmor?
> 
> Just a random idea.

Oh right. Of course. Thanks Ulrike :)


Yes, the AppArmor profile shipped with onioncircuits won't allow access
to stuff in /usr/local. So the Python interpreter can't actually run.

I would still advise against mixing system-wide stuff from Debian packages
and from pip, and would use virtualenv instead for any local needs, but this
could probably also be worked around by:

- disabling the onioncircuits profile (not recommended), or
- adding some local rules to allow access to /usr/local/ in
/etc/apparmor.d/local/usr.bin.onioncircuits

The existing rules in /etc/apparmor.d/usr.bin.onioncircuits could be
used as a starting point. I don't think it's relevant to include new
rules in the package.

If you prefer, I could reopen the bug and tag it as wontfix for clarity.

Cheers,

-- 
nodens
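
An added example, not part of the original message or of the onioncircuits package: one way to derive narrow rules for /etc/apparmor.d/local/usr.bin.onioncircuits from AppArmor denial records, rather than allowing all of /usr/local/. The log lines are constructed, and the profile name /usr/bin/onioncircuits and the function name `suggest_local_rules` are assumptions.

```python
import re

# Constructed sample audit lines (not from the bug report). The profile name
# "/usr/bin/onioncircuits", pids and timestamps are assumptions.
SAMPLE_LOG = """\
audit: type=1400 audit(1612956395.101:301): apparmor="DENIED" operation="open" profile="/usr/bin/onioncircuits" name="/usr/local/lib/python3.7/dist-packages/psutil-5.7.2.dist-info/" pid=4242 comm="onioncircuits" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1612956395.102:302): apparmor="DENIED" operation="open" profile="/usr/bin/onioncircuits" name="/usr/local/lib/python3.7/dist-packages/psutil/__init__.py" pid=4242 comm="onioncircuits" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1612956395.103:303): apparmor="DENIED" operation="open" profile="/usr/bin/onioncircuits" name="/usr/local/lib/python3.7/dist-packages/psutil/_psutil_linux.cpython-37m-x86_64-linux-gnu.so" pid=4242 comm="onioncircuits" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1612956395.104:304): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/onioncircuits" name="/usr/local/lib/python3.7/dist-packages/psutil/_psutil_linux.cpython-37m-x86_64-linux-gnu.so" pid=4242 comm="onioncircuits" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
audit: type=1400 audit(1612956395.105:305): apparmor="DENIED" operation="mknod" profile="/usr/bin/onioncircuits" name="/usr/local/lib/python3.7/dist-packages/psutil/__pycache__/__init__.cpython-37.pyc" pid=4242 comm="onioncircuits" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
audit: type=1400 audit(1612956395.106:306): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/usr/local/share/example.conf" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1612956395.107:307): apparmor="DENIED" operation="open" profile="/usr/bin/onioncircuits" name="/home/user/.cache/example" pid=4242 comm="onioncircuits" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""

SAFE_MASKS = set("rm")  # read and mmap only; anything else needs human review

def suggest_local_rules(log, profile="/usr/bin/onioncircuits", prefix="/usr/local/"):
    """Return (rules, review): rule lines for the local override file, and
    denied paths under prefix whose mask asks for more than read/mmap."""
    wanted, review = {}, set()
    for line in log.splitlines():
        f = dict(re.findall(r'(\w+)="([^"]*)"', line))  # key="value" fields
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue  # other profiles and non-denials are out of scope
        path, mask = f.get("name", ""), set(f.get("denied_mask", ""))
        if not path.startswith(prefix) or not mask:
            continue  # only paths under the prefix are candidates
        if mask <= SAFE_MASKS:
            wanted.setdefault(path, set()).update(mask)  # merge masks per path
        else:
            review.add(path)  # write/create/exec: never auto-suggested
    rules = [f"{p} {''.join(sorted(m))}," for p, m in sorted(wanted.items())]
    return rules, sorted(review)

if __name__ == "__main__":
    rules, review = suggest_local_rules(SAMPLE_LOG)
    print("\n".join(rules))
    for p in review:
        print("# review manually:", p)
```

After placing the reviewed rules in the local file, the profile is reloaded with `apparmor_parser -r /etc/apparmor.d/usr.bin.onioncircuits`.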


