AA-EXEC(8) AppArmor AA-EXEC(8)
NAME
aa-exec - confine a program with the specified AppArmor profile
SYNOPSIS
aa-exec [options] [--] [ ...]
DESCRIPTION
aa-exec is used to launch a program confined by the specified profile and or namespace.
If both a profile and namespace are specified command will be confined by profile in the
new policy namespace. If only a namespace is specified, the profile name of the current
confinement will be used. If neither a profile or namespace is specified command will be
run using standard profile attachment (ie. as if run without the aa-exec command).
If the arguments are to be pasted to the being invoked by aa-exec then -- should
be used to separate aa-exec arguments from the command.
aa-exec -p profile1 -- ls -l
OPTIONS aa-exec accepts the following arguments:
-p PROFILE, --profile=PROFILE
confine with PROFILE. If the PROFILE is not specified use the current
profile name (likely unconfined).
-n NAMESPACE, --namespace=NAMESPACE
use profiles in NAMESPACE. This will result in confinement transitioning to using the
new profile namespace.
-i, --immediate
transition to PROFILE before doing executing . This subjects the running of
to the exec transition rules of the current profile.
-v, --verbose
show commands being performed
-d, --debug
show commands and error codes
-- Signal the end of options and disables further option processing. Any arguments after
the -- are treated as arguments of the command. This is useful when passing arguments
to the being invoked by aa-exec.
BUGS
If you find any bugs, please report them at
.
SEE ALSO
aa-stack(8), aa-namespace(8), apparmor(7), apparmor.d(5), aa_change_profile(3),
aa_change_onexec(3) and .
AppArmor 2.10.95 2016-10-07 AA-EXEC(8)
Go-to-top