apparmor: Change hats
In jeroen/RAppArmor: Bindings to AppArmor and Security Related Linux Tools
apparmor R Documentation
Change hats
Description
A hat is a subprofile which name starts with a '^'.
The difference between hats and profiles is that one can escape (revert) from the hat using the token.
Hence this provides more limited security than a profile.
Note that in order for this function to do its work, it needs
read access to the attributes of the current process. If aa_getcon
fails with a permission denied error, it might actually mean
that the current process is being confined with a very restrictive
profile.
Usage
aa_change_hat(subprofile, magic_token)
aa_revert_hat(magic_token)
aa_change_profile(profile)
aa_find_mountpoint()
aa_getcon()
aa_is_enabled()
aa_is_compiled()
Arguments
subprofile
character string identifying the subprofile (hat) name (without the "^")
magic_token
a number that will be the key to revert out of the hat.
profile
character string with the name of the profile.
Examples
## Not run:
aa_change_profile("testprofile");
aa_getcon();
test <- read.table("/etc/group");
aa_change_hat("testhat", 13337);
aa_getcon();
test <- read.table("/etc/group");
aa_revert_hat(13337);
test <- read.table("/etc/group");
## End(Not run)
## Not run:
test <- read.table("/etc/passwd");
aa_change_profile("testprofile");
aa_getcon();
test <- read.table("/etc/passwd");
## End(Not run)
jeroen/RAppArmor documentation built on Jan. 12, 2024, 9:50 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| apparmor | R Documentation |
Change hats
Description
A hat is a subprofile which name starts with a '^'. The difference between hats and profiles is that one can escape (revert) from the hat using the token. Hence this provides more limited security than a profile.
Note that in order for this function to do its work, it needs read access to the attributes of the current process. If aa_getcon fails with a permission denied error, it might actually mean that the current process is being confined with a very restrictive profile.
Usage
aa_change_hat(subprofile, magic_token)
aa_revert_hat(magic_token)
aa_change_profile(profile)
aa_find_mountpoint()
aa_getcon()
aa_is_enabled()
aa_is_compiled()
Arguments
subprofile |
character string identifying the subprofile (hat) name (without the "^") |
magic_token |
a number that will be the key to revert out of the hat. |
profile |
character string with the name of the profile. |
Examples
## Not run:
aa_change_profile("testprofile");
aa_getcon();
test <- read.table("/etc/group");
aa_change_hat("testhat", 13337);
aa_getcon();
test <- read.table("/etc/group");
aa_revert_hat(13337);
test <- read.table("/etc/group");
## End(Not run)
## Not run:
test <- read.table("/etc/passwd");
aa_change_profile("testprofile");
aa_getcon();
test <- read.table("/etc/passwd");
## End(Not run)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.