On 10/02/2021 11:02, Ulrike Uhlig wrote: > Hi! > > On 10.02.21 00:18, Jonathan Marquardt wrote: >> On Fri, Feb 05, 2021 at 12:08:49PM +0100, Clément Hermann wrote: >>> On 04/02/2021 13:04, Jonathan Marquardt wrote: >>>> On Thu, Feb 04, 2021 at 12:23:17PM +0100, Clément Hermann wrote: > >> However I found out that it always works (on all of my systems) if I >> launch >> onionciruits with the command: >> >> $ python3 /usr/bin/onionciruits >> >> I have no idea why. > > Could this be related to AppArmor? > > Just a random idea.
Oh right. Of course. Thanks Ulrike :) Yes, the apparmor profile shipped with onioncircuit won't allow access to stuff in /usr/local. So python interpreter can't actually run. I would still advise against mixed system-wide stuff from debian package and from pip; and use virtualenv instead for any local needs, but this could probably also be worked around by: - disabling the onioncircuits profile (not recommended), or - adding some local rules to allow access to /usr/local/ in /etc/apparmor.d/local/usr.bin.onioncircuits The existing rules in /etc/apparmor.d/usr.bin.onioncircuits could be used as a starting point. I don't think it's relevant to include new rules in the package. If you prefer, I could reopen the bug and tag it as wontfix for clarity. Cheers, -- nodens
