aa-exec (8)
Leading comments
Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29) Standard preamble: ========================================================================
NAME
aa-exec - confine a program with the specified AppArmor profileSYNOPSIS
aa-exec [options] [--] [<command> ...]DESCRIPTION
aa-exec is used to launch a program confined by the specified profile and or namespace. If both a profile and namespace are specified command will be confined by profile in the new policy namespace. If only a namespace is specified, the profile name of the current confinement will be used. If neither a profile or namespace is specified command will be run using standard profile attachment (ie. as if run without the aa-exec command).
If the arguments are to be pasted to the <command> being invoked
by aa-exec then --- should be used to separate aa-exec arguments from the
command.
aa-exec -p profile1 --- ls -l
OPTIONS aa-exec accepts the following arguments:
- -p PROFILE,--profile=PROFILE
-
confine <command> with PROFILE.If thePROFILEis not specified use the current profile name (likely unconfined).
- -n NAMESPACE,--namespace=NAMESPACE
-
use profiles in NAMESPACE.This will result in confinement transitioning to using the new profile namespace.
- -i, --immediate
-
transition to PROFILEbefore doing executing <command>. This subjects the running of <command> to the exec transition rules of the current profile.
- -v, --verbose
- show commands being performed
- -d, --debug
- show commands and error codes
- --
- Signal the end of options and disables further option processing. Any arguments after the --- are treated as arguments of the command. This is useful when passing arguments to the <command> being invoked by aa-exec.