aa_change_hat {RAppArmor}R Documentation

Change hats

Description

A hat is a subprofile which name starts with a '^'. The difference between hats and profiles is that one can escape (revert) from the hat using the token. Hence this provides more limited security than a profile.

Usage

aa_change_hat(subprofile, magic_token, verbose = TRUE)

Arguments

subprofile

character string identifying the subprofile (hat) name (without the "^")

magic_token

a number that will be the key to revert out of the hat.

verbose

print some C output (TRUE/FALSE)

References

Jeroen Ooms (2013). The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux. Journal of Statistical Software, 55(7), 1-34. http://www.jstatsoft.org/v55/i07/.

Ubuntu Manpage: aa_change_hat - change to or from a "hat" within a AppArmor profile. http://manpages.ubuntu.com/manpages/precise/man2/aa_change_hat.2.html.

See Also

Other apparmor: aa_change_profile, aa_find_mountpoint, aa_is_enabled

Examples

## Not run: 
aa_change_profile("testprofile");
aa_getcon();
test <- read.table("/etc/group");
aa_change_hat("testhat", 13337);
aa_getcon();
test <- read.table("/etc/group");
aa_revert_hat(13337);
test <- read.table("/etc/group");

## End(Not run)
[Package RAppArmor version 2.0.2 Index]