On Wed, Feb 10, 2021 at 12:26:35PM +0100, nodens wrote: > Yes, the apparmor profile shipped with onioncircuit won't allow access > to stuff in /usr/local. So python interpreter can't actually run. > > I would still advise against mixed system-wide stuff from debian package > and from pip; and use virtualenv instead for any local needs, but this > could probably also be worked around by: > > - disabling the onioncircuits profile (not recommended), or > - adding some local rules to allow access to /usr/local/ in > /etc/apparmor.d/local/usr.bin.onioncircuits
You're right. Just as a test i added "/usr/local/** r," to /etc/apparmor.d/local/usr.bin.onioncircuits and it works now. > If you prefer, I could reopen the bug and tag it as wontfix for clarity. I really don't care. Thank you again! And thank you to Ulrike as well!