I am trying to kill a tcpdump process from within PyCharm (the tcpdump process was spawned by PyCharm). When I try to issue os.system("kill -15 tcpdump") Pycharm reports Permission denied. Checking the system log dmesg, I found this:
[601570.570692] audit: type=1400 audit(1665402026.962:10594): apparmor="DENIED" operation="signal" profile="/usr/sbin/tcpdump" pid=146275 comm="kill" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.pycharm-professional.pycharm-professional"
Checking AppArmor via sudo apparmor_status shows this:
8 processes are in complain mode.
/usr/sbin/sssd (968)
/usr/libexec/sssd/sssd_be (1069) /usr/sbin/sssd
/usr/libexec/sssd/sssd_nss (1111) /usr/sbin/sssd
/usr/libexec/sssd/sssd_pam (1112) /usr/sbin/sssd
/usr/libexec/sssd/sssd_ssh (1113) /usr/sbin/sssd
/snap/pycharm-professional/302/jbr/bin/java (80908) snap.pycharm-professional.pycharm-professional
/snap/pycharm-professional/302/bin/fsnotifier (81009) snap.pycharm-professional.pycharm-professional
/usr/bin/python3.8 (102544) snap.pycharm-professional.pycharm-professional
0 processes are unconfined but have a profile defined.
How can I configure AppArmor to allow PyCharm to send a kill command to tcpdump? Preferably without compromising system security too much? One approach that I found was to put AppArmor in full developer mode, which would grant all rights to all applications, but that seems a bit unsafe.