Hi! I learned about AppArmor recently and I am setting up profiles for each of my applications on my server, but I’m not sure if I should also restrict python binary executable in local python environment for my django website, because AppArmor says: “is currently marked as a program that should not have its own profile.”. Chat GPT says I should activate the environment, bypass the warning and create a profile, but I’m not sure, so I decided to ask if anyone knows better.
Congrats and i admire you’re layering on security.
Am the author of seven published Python packages including: wreck, sphinx-external-toc-strict, pytest-logging-strict, logging-strict, and a few others.
long story short, the answer to your question is use the virtualenv (venv) absolute path to the Python binary. With the python absolute path there is no need to activate the venv.
Would appreciate a star on wreck or sphinx-external-toc-strict or pytest-logging-strict
Thank you and thank anyone else who found this answer useful.
Whoa! It’s been 2 years and I’m actually not serving almost anything with python anymore. Switched to Golang and now run everything containerized. I’ve grown so much in knowledge about linux and security since then. Thank you for the answer regardless! :P
