apparmor

aa_change_hat

aa_revert_hat

aa_change_profile

aa_find_mountpoint

aa_getcon

aa_is_enabled

aa_is_compiled

A hat is a subprofile which name starts with a '^'.
The difference between hats and profiles is that one can escape (revert) from the hat using the token.
Hence this provides more limited security than a profile.
Note that in order for this function to do its work, it needs
read access to the attributes of the current process. If aa_getcon
fails with a permission denied error, it might actually mean
that the current process is being confined with a very restrictive
profile.

Bindings to kernel methods for enforcing security restrictions.
AppArmor can apply mandatory access control (MAC) policies on a given task
(process) via security profiles with detailed ACL definitions. In addition
this package implements bindings for setting process resource limits (rlimit),
uid, gid, affinity and priority. The high level R function 'eval.secure'
builds on these methods to perform dynamic sandboxing: it evaluates a single
R expression within a temporary fork which acts as a sandbox by enforcing
fine grained restrictions without affecting the main R process. A portable
version of this function is now available in the 'unix' package.

Jeroen Ooms

RAppArmor

Bindings to AppArmor and Security Related Linux Tools

apparmor function

<dl><dt>subprofile</dt>
<dd>character string identifying the subprofile (hat) name (without the "^")</dd>
<dt>magic_token</dt>
<dd>a number that will be the key to revert out of the hat.</dd>
<dt>profile</dt>
<dd>character string with the name of the profile.</dd></dl>

Arguments

Change hats — apparmor

<dl>

<dt>subprofile</dt>
<dd>character string identifying the subprofile (hat) name (without the "^")</dd>


<dt>magic_token</dt>
<dd>a number that will be the key to revert out of the hat.</dd>


<dt>profile</dt>
<dd>character string with the name of the profile.</dd>

</dl>

apparmor: Change hats

Description

Usage

Arguments

Examples