AppArmor 2.13.2
2019-03-30
Aliases: exec(1)
apparmor
Mandatory Access Control (MAC) using Linux Security Module (LSM)
apparmor-parser
AppArmor userlevel parser utility
NAME
aa-exec - confine a program with the specified AppArmor profile
SYNOPSIS
aa-exec [options] [--] [<command> ...]
DESCRIPTION
aa-exec is used to launch a program confined by the specified profile and or namespace. If both a profile and namespace are specified command will be confined by profile in the new policy namespace. If only a namespace is specified, the profile name of the current confinement will be used. If neither a profile or namespace is specified command will be run using standard profile attachment (ie. as if run without the aa-exec command).
If the arguments are to be pasted to the <command> being invoked by aa-exec then — should be used to separate aa-exec arguments from the command.
aa-exec -p profile1 — ls -l
aa-exec -p profile1 — ls -l
OPTIONS aa-exec accepts the following arguments:
| -p PROFILE, --profile=PROFILE | confine <command> with PROFILE. If the PROFILE is not specified use the current profile name (likely unconfined). |
| -n NAMESPACE, --namespace=NAMESPACE | use profiles in NAMESPACE. This will result in confinement transitioning to using the new profile namespace. |
| -i, --immediate | transition to PROFILE before doing executing <command>. This subjects the running of <command> to the exec transition rules of the current profile. |
| -v, --verbose | show commands being performed |
| -d, --debug | show commands and error codes |
| -- | Signal the end of options and disables further option processing. Any arguments after the — are treated as arguments of the command. This is useful when passing arguments to the <command> being invoked by aa-exec. |
BUGS
If you find any bugs, please report them at <https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO
aa-stack(8), aa-namespace(8), apparmor(7), apparmor.d(5), aa_change_profile(3), aa_change_onexec(3) and <https://wiki.apparmor.net>.
