Linux "aa-exec" Command Line Options and Examples

confine a program with the specified AppArmor profile

aa-exec is used to launch a program confined by the specified profile and or namespace. If both a profile and namespace are specified command will be confined by profile in the new policy namespace. If only a namespace is specified, the profile name of the current confinement will be used.

Usage:

aa-exec [options] [--] [ ...]

Command Line Options:

-p

confine <command> with PROFILE. If the PROFILE is not specified use the current profile name (likely unconfined).


                            aa-exec -p ...

-n

use profiles in NAMESPACE. This will result in confinement transitioning to using the new profile namespace.


                            aa-exec -n ...

-i

transition to PROFILE before doing executing <command>. This subjects the running of <command> to the exec transition rules ofthe current profile.


                            aa-exec -i ...

-v

show commands being performed


                            aa-exec -v ...

-d

show commands and error codes


                            aa-exec -d ...