securedrop-client
securedrop-client copied to clipboard
deploy(AppArmor): update `__pycache__` rules for Python 3.11
Status
Ready for review
Description
Updates the AppArmor rules governing __pycache__
for Python 3.11, which is our minimum Python since #1958.
- Caveat: #1235
Test Plan
-
make build-debs
-
Install
securedrop-client
intosd-app
-
Start the Client
-
[ ] Check
sd-app
's logs and observe no denials like:May 9 13:09:48 sd-app kernel: [ 6.743551] audit: type=1400 audit(1715285388.503:57): apparmor="DENIED" operation="mkdir" class="file" profile="/usr/bin/securedrop-client" name="/opt/venvs/securedrop-client/lib/python3.11/site-packages/__pycache__/" pid=1146 comm="alembic" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Checklist
If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:
- [x] I have tested these changes in the appropriate Qubes environment
- I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
- These changes should not need testing in Qubes
If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:
- [x] I have updated the AppArmor profile
- No update to the AppArmor profile is required for these changes
- I don't know and would appreciate guidance
If these changes modify the database schema, you should include a database migration. Please check as applicable:
- I have written a migration and upgraded a test database based on
main
and confirmed that the migration is self-contained and applies cleanly - I have written a migration but have not upgraded a test database based on
main
and would like the reviewer to do so - I need help writing a database migration
- [x] No database schema changes are needed