The R package RAppArmor interfaces to a number of security related methods in the Linux kernel. It supports the following functionality:
eval.secure
function This can be useful for example if to host a public service for users to run R code, or if you are paranoid about running contributed code on your machine.
About the R package:
Use the eval.secure
function to dynamically evaluate a call with a certain AppArmor profile or hardware limits:
list.files("/")
eval.secure(list.files("/"), profile="r-user")
To set hardware limits, use the RLIMIT_XXX
arguments:
A <- matrix(rnorm(1e7), 1e4);
B <- eval.secure(matrix(rnorm(1e7), 1e4), RLIMIT_AS = 100*1024*1024);
The AppArmor linux module is available on the following distributions:
Installing the R package requires libapparmor-dev. The apparmor-utils package is also recommended.
sudo apt-get install -y libapparmor-dev apparmor-utils
One this is installed we can install the R package:
install.packages("RAppArmor")
The R package comes with some AppArmor profiles that you need to install manually:
#Install the profiles
cd /usr/local/lib/R/site-library/RAppArmor/
sudo cp -Rf profiles/debian/* /etc/apparmor.d/
#Load the profiles into the kernel
sudo service apparmor restart
#To disable enforcing the global R profile
sudo aa-disable usr.bin.r
To start enforcing the standard R policy:
sudo aa-enforce usr.bin.r
To stop enforcing of the standard policy:
sudo aa-disable usr.bin.r
Please have a look at the JSS paper to understand how to use the software.
To cite RAppArmor in publications use:
Jeroen Ooms (2013). The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing
on Linux. Journal of Statistical Software, 55(7), 1-34. URL http://www.jstatsoft.org/v55/i07/.
A BibTeX entry for LaTeX users is
@Article{RAppArmor,
title = {The {RAppArmor} Package: Enforcing Security Policies in {R} Using Dynamic Sandboxing on Linux},
author = {Jeroen Ooms},
journal = {Journal of Statistical Software},
year = {2013},
volume = {55},
number = {7},
pages = {1--34},
url = {http://www.jstatsoft.org/v55/i07/},
}
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.