"I guess the question is: Shouldn't we have a python-apport abstraction that apps (or local admin) can include to make debugging work under apparmor? It should probably live in apport, I guess, so apport can define which files it needs."
Perhaps an abstraction makes sense to optionally add it in for debugging, but it is not clear what should be in that abstraction. I mean, if these things are running in process and the hooks can do anything, it might simply make sense to temporarily disable the profile while debugging via apparmor_parser -R /path/to/profile. Of course, that changes the environment of the application (but so does adding the abstraction).
"I guess the question is: Shouldn't we have a python-apport abstraction that apps (or local admin) can include to make debugging work under apparmor? It should probably live in apport, I guess, so apport can define which files it needs."
Perhaps an abstraction makes sense to optionally add it in for debugging, but it is not clear what should be in that abstraction. I mean, if these things are running in process and the hooks can do anything, it might simply make sense to temporarily disable the profile while debugging via apparmor_parser -R /path/to/profile. Of course, that changes the environment of the application (but so does adding the abstraction).