| Title: | Bindings to AppArmor and Security Related Linux Tools |
|---|---|
| Description: | Bindings to kernel methods for enforcing security restrictions. AppArmor can apply mandatory access control (MAC) policies on a given task (process) via security profiles with detailed ACL definitions. In addition this package implements bindings for setting process resource limits (rlimit), uid, gid, affinity and priority. The high level R function 'eval.secure' builds on these methods to perform dynamic sandboxing: it evaluates a single R expression within a temporary fork which acts as a sandbox by enforcing fine grained restrictions without affecting the main R process. A portable version of this function is now available in the 'unix' package. |
| Authors: | Jeroen Ooms [aut, cre] |
| Maintainer: | Jeroen Ooms <[email protected]> |
| License: | Apache License 2.0 |
| Version: | 3.2.5 |
| Built: | 2024-11-02 05:58:25 UTC |
| Source: | https://github.com/jeroen/rapparmor |
Get/set the process's CPU affinity mask. The affinity mask binds the process to
specific core(s) within the machine. Not supported on all systems, has_affinity()
shows if this is available.
setaffinity(cpus = 1:ncores()) getaffinity_count() getaffinity() has_affinity() ncores()setaffinity(cpus = 1:ncores()) getaffinity_count() getaffinity() has_affinity() ncores()
cpus |
Which cpu cores to bind to: vector of integers between 1 and |
Setting a process affinity allows for restricting the process to only use certain
cores in the machine. The cores are indexed by the operating system as 1 to ncores().
Calling setaffinity() with no arguments resets the process to use any of the
available cores.
Note that setaffinity is different from setting r_limit values in the sense that it is not a one-way process. An unprivileged user can change the process affinity to any value. In order to 'lock' an affinity value, one would have to manipulate Linux capability value for CAP_SYS_NICE.
## Not run: # Current affinity ncores() getaffinity() getaffinity_count() # Restrict process to core number 1. setaffinity(1) getaffinity() # Reset setaffinity() getaffinity() ## End(Not run)## Not run: # Current affinity ncores() getaffinity() getaffinity_count() # Restrict process to core number 1. setaffinity(1) getaffinity() # Reset setaffinity() getaffinity() ## End(Not run)
A hat is a subprofile which name starts with a '^'. The difference between hats and profiles is that one can escape (revert) from the hat using the token. Hence this provides more limited security than a profile.
Note that in order for this function to do its work, it needs read access to the attributes of the current process. If aa_getcon fails with a permission denied error, it might actually mean that the current process is being confined with a very restrictive profile.
aa_change_hat(subprofile, magic_token) aa_revert_hat(magic_token) aa_change_profile(profile) aa_find_mountpoint() aa_getcon() aa_is_enabled() aa_is_compiled()aa_change_hat(subprofile, magic_token) aa_revert_hat(magic_token) aa_change_profile(profile) aa_find_mountpoint() aa_getcon() aa_is_enabled() aa_is_compiled()
subprofile |
character string identifying the subprofile (hat) name (without the "^") |
magic_token |
a number that will be the key to revert out of the hat. |
profile |
character string with the name of the profile. |
## Not run: aa_change_profile("testprofile"); aa_getcon(); test <- read.table("/etc/group"); aa_change_hat("testhat", 13337); aa_getcon(); test <- read.table("/etc/group"); aa_revert_hat(13337); test <- read.table("/etc/group"); ## End(Not run) ## Not run: test <- read.table("/etc/passwd"); aa_change_profile("testprofile"); aa_getcon(); test <- read.table("/etc/passwd"); ## End(Not run)## Not run: aa_change_profile("testprofile"); aa_getcon(); test <- read.table("/etc/group"); aa_change_hat("testhat", 13337); aa_getcon(); test <- read.table("/etc/group"); aa_revert_hat(13337); test <- read.table("/etc/group"); ## End(Not run) ## Not run: test <- read.table("/etc/passwd"); aa_change_profile("testprofile"); aa_getcon(); test <- read.table("/etc/passwd"); ## End(Not run)
The eval.secure function has moved into the unix package and is now
an alias for unix::eval_safe. Please switch over
to this new function.
This function loads the 'testthat' package and runs a number of unit tests for RAppArmor. Note that the tests assume that the main process is unconfined. Try running it both as root and as a regular user to cover both cases.
unittests()unittests()
Occasionally, one or two tests might fail due to random fluctuations in available memory, cpu, etc. If this happens, try running the tests again, possibly with less other programs running in the background.