
#1 2018-03-20 16:48:10

coolguy21
Member
Registered: 2016-07-05
Posts: 87

Apparmor profile help

Followed this guide: https://gitlab.com/apparmor/apparmor/wi … with_tools and saved usr.bin.gajim after scanning.
After I restart the machine and run Gajim from a terminal, I get:

Fatal Python error: Py_Initialize: Unable to get the locale encoding
ModuleNotFoundError: No module named 'encodings'

Current thread 0x00006a383a1d5540 (most recent call first):
Aborted (core dumped)

If I delete the profile and restart the machine, Gajim runs, which confirms the profile is the cause.

This is my current profile

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2015-2018 Mikhail Morfikov
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

# Profile attached to the executable path /usr/bin/gajim. It pulls in shared
# abstractions, grants per-user file access, adds explicit denies, and defines
# three child profiles (audio, ldconfig, dash) for helper programs.
#
# Troubleshooting: when a newly loaded profile stops the program from starting,
# switch it to complain mode (aa-complain) and read the apparmor DENIED/ALLOWED
# records in the audit log; they name the exact path and permission that is
# missing. Deleting the profile only confirms the cause, it does not locate it.
/usr/bin/gajim {
  #include <abstractions/base>
  #include <abstractions/X>
  #include <abstractions/fonts>
  #include <abstractions/freedesktop.org>
  # NOTE(review): no rule in this file names the Python standard-library
  # directory, so read access to it presumably comes only from the python
  # abstraction below. If the interpreter aborts at startup because it cannot
  # import 'encodings', check whether the abstraction installed on this system
  # covers the installed Python version and path - confirm with the audit log.
  #include <abstractions/python>
  #include <abstractions/user-tmp>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/dconf>

  # The launcher itself: read and map as executable.
  /usr/bin/gajim mr,

  # Directory listing only (trailing slash = the directory, not its contents).
  /usr/bin/ r,
  /usr/local/bin/ r,

  # Gajim plugins (read-only; writes are denied explicitly further down)
  /usr/share/gajim/plugins/ r,
  /usr/share/gajim/plugins/** r,

  # Gajim home files. "owner" limits each rule to files owned by the user the
  # process runs as; "k" additionally allows file locking.
  owner @{HOME}/.config/gajim/ rw,
  owner @{HOME}/.config/gajim/** rw,
  owner @{HOME}/.local/share/gajim/ rw,
  owner @{HOME}/.local/share/gajim/** rwk,

  # User downloads
  # NOTE(review): read/write/link on everything under Downloads and Desktop is
  # the widest grant in this profile. Narrow it to the directory file transfers
  # are actually saved to if the whole tree is not needed.
  owner @{HOME}/[dD]ownload{,s}/ r,
  owner @{HOME}/[dD]ownload{,s}/** rwl,
  owner @{HOME}/[dD]esktop/ r,
  owner @{HOME}/[dD]esktop/** rwl,

  # Cache
  # NOTE(review): /tmp/morfik_cache looks specific to the profile author's
  # machine - presumably unneeded elsewhere; confirm and drop if so.
  owner /tmp/morfik_cache/.cache/gajim/ rwk,
  owner /tmp/morfik_cache/.cache/gajim/** rwk,
  owner @{HOME}/.cache/gajim/ rwk,
  owner @{HOME}/.cache/gajim/** rwk,

  # Deny access to webcam and mic
  # An explicit deny takes precedence over any allow (including one pulled in
  # by an abstraction) and is not logged. Each rule below names a single node:
  # the first video device, the by-path directory listing, and one capture
  # device. Other /dev/video* or /dev/snd/* nodes are not matched by these
  # rules; in enforce mode they stay blocked only as long as nothing else in
  # the profile allows them.
  deny /dev/video0 rw,
  deny /dev/v4l/by-path/ r,
  deny /dev/snd/pcmC0D0c rw,

  # The process's own /proc entries only (@{pid} plus owner).
  owner @{PROC}/@{pid}/mounts r,
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mountinfo r,

  # External apps
  # PUx = run the target under its own profile when one is loaded, otherwise
  # run it UNCONFINED; the upper-case letters request a scrubbed environment.
  # On a system with no firefox or gpg profile loaded, these two rules let the
  # helper run with no AppArmor restriction at all. Check with aa-status that
  # the target profiles exist, or use Px/Cx to make the transition mandatory.
  /usr/lib/firefox/firefox rPUx,
  /usr/bin/gpg rPUx,

  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  # dconf user database in the per-user runtime directory.
  owner /{,var/}run/user/[0-9]*/dconf/user rw,

  # Silencer: explicit denies that also keep these accesses out of the log.
  # NOTE(review): /usr/lib/python3/dist-packages is the Debian-style location;
  # on a distribution that installs Python packages elsewhere this rule
  # matches nothing.
  deny /usr/lib/python3/dist-packages/** w,
  deny /usr/share/gajim/plugins/** w,
  deny @{HOME}/ r,

  # Sounds
  # Cx = run the helper under the named child profile defined just below.
  /usr/bin/aplay Cx -> audio,
  /usr/bin/pacat Cx -> audio,
  # Child profile shared by aplay and pacat; the audio abstraction is included
  # here only, not in the parent profile.
  profile audio {
    #include <abstractions/base>
    #include <abstractions/audio>

    /usr/bin/aplay mr,
    /usr/bin/pacat mr,

    owner @{HOME}/.Xauthority r,

    /etc/machine-id r,
    /var/lib/dbus/machine-id r,

  }

  /sbin/ldconfig Cx -> ldconfig,
  # Child profile for ldconfig: base abstraction plus its own binary.
  profile ldconfig {
    #include <abstractions/base>

    /sbin/ldconfig mr,

  }

  /bin/dash Cx -> dash,
  # Child profile for commands Gajim runs through /bin/dash. Only two programs
  # may be executed from the shell: uname (ix = stays inside this profile) and
  # gpg.
  profile dash {
    #include <abstractions/base>

    /bin/dash mr,

    /bin/uname rix,

    # Same PUx fallback as in the parent: gpg runs unconfined when no gpg
    # profile is loaded.
    /usr/bin/gpg rPUx,

  }

}
