submitted 2 years ago by 0jcis@sh.itjust.works to c/sysadmin@sh.itjust.works

2 comments fedilink hide all child comments

Hi! I learned about AppArmor recently and I am setting up profiles for each of my applications on my server, but I'm not sure if I should also restrict python binary executable in local python environment for my django website, because AppArmor says: "is currently marked as a program that should not have its own profile.". Chat GPT says I should activate the environment, bypass the warning and create a profile, but I'm not sure, so I decided to ask if anyone knows better.

top 2 comments

sorted by: hot top new old

[-] logging_strict@lemmy.ml 2 points 3 months ago

Congrats and i admire you're layering on security.

Am the author of seven published Python packages including: wreck, sphinx-external-toc-strict, pytest-logging-strict, logging-strict, and a few others.

long story short, the answer to your question is use the virtualenv (venv) absolute path to the Python binary. With the python absolute path there is no need to activate the venv.

Would appreciate a star on wreck or sphinx-external-toc-strict or pytest-logging-strict

Thank you and thank anyone else who found this answer useful.

[-] 0jcis@sh.itjust.works 2 points 2 months ago

Whoa! It’s been 2 years and I’m actually not serving almost anything with python anymore. Switched to Golang and now run everything containerized. I’ve grown so much in knowledge about linux and security since then. Thank you for the answer regardless! :P

this post was submitted on 02 Jan 2024

7 points (88.9% liked)

Sysadmin

465 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

founded 2 years ago

MODERATORS

DarraignTheSane@sh.itjust.works

DarraignTheSane@lemmy.world