aa_getcon

verbose

<p>We can use this function to see if there is an AppArmor
profile associated with the current process, and in which
mode it current is set (enforce, complain, disable).</p>

Bindings to various methods in the kernel for enforcing security
restrictions. AppArmor can apply mandatory access control (MAC) policies on
a given task (process) via security profiles with detailed ACL definitions.
In addition the package has kernel bindings for setting the process hardware
resource limits (rlimit), uid, gid, affinity and priority. The high level R
function 'eval.secure' builds on these methods to do dynamic sandboxing:
it evaluates a single R expression within a temporary fork which acts as a
sandbox by enforcing fine grained restrictions without affecting the main R
process. Recent versions on this package can also be installed on systems
without libapparmor, in which case some features are automatically disabled.

Jeroen Ooms

aa_getcon: Get AppArmor confinement context for the current task

Description

Usage

Arguments

Details

References