I tried this, and spent a while stepping through the Black and standard library code, but I can’t get it to work.
I’ve confirmed that SemLock._make_name() is returning e.g. /snap.dotrun.mp-gq35e6mx, and yet still this is what happens in syslog:
Feb 25 09:14:11 rt480 kernel: [ 2778.115931] audit: type=1400 audit(1582622051.087:194): apparmor="DENIED" operation="open" profile="snap.dotrun.dotrun" name="/proc/29521/mounts" pid=29521 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 25 09:14:11 rt480 kernel: [ 2778.243534] audit: type=1400 audit(1582622051.215:195): apparmor="DENIED" operation="mknod" profile="snap.dotrun.dotrun" name="/dev/shm/4afan5" pid=29521 comm="python3" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Is this related to this one? Python multiprocessing sem_open blocked in strict mode
I didn’t quite understand how @jdstrand appeared to get that working.