Bindings to various methods in the kernel for enforcing security restrictions. AppArmor can apply mandatory access control (MAC) policies on a given task (process) via security profiles with detailed ACL definitions. In addition the package has kernel bindings for setting the process hardware resource limits (rlimit), uid, gid, affinity and priority. The high level R function 'eval.secure' builds on these methods to do dynamic sandboxing: it evaluates a single R expression within a temporary fork which acts as a sandbox by enforcing fine grained restrictions without affecting the main R process. Recent versions on this package can also be installed on systems without libapparmor, in which case some features are automatically disabled.