How can I run a command with a specific AppArmor profile/hat?

Question

I'm hoping there exists something like sudo for AppArmor, so I can run something in a context like:

aado -hat my-hat command arg arg arg

Does this exist?

score 2 · Answer 1 · answered Mar 16 '13 at 02:28

2

I think this can be done by creating hardlinks to e.g. /bin/bash. You then create a profile for /bin/bash-my-hat and start your command:

/bin/bash-my-hat -c command '$0' arg1 arg2

answered Mar 16 '13 at 02:28

Hauke Laging

ooh, thats clever! i'm going to try this! – wowest Mar 23 '13 at 14:18
2

Don't forget to come back and accept the answer if it does work. :) – Hauke Laging Mar 24 '13 at 19:39

score 0 · Answer 2 · answered May 15 '20 at 21:10

0

The aa-exec command can run a command with a specific named profile (or unconfined). For example:

aa-exec -p my-profile -- command arg arg arg
aa-exec -p unconfined -- command arg arg arg

answered May 15 '20 at 21:10

kanaka

2 Answers2