Bindings to AppArmor and Security Related Linux Tools

Bindings to various methods in the kernel for enforcing security restrictions. AppArmor can apply mandatory access control (MAC) policies on a given task (process) via security profiles with detailed ACL definitions. In addition the package has kernel bindings for setting the process hardware resource limits (rlimit), uid, gid, affinity and priority. The high level R function 'eval.secure' builds on these methods to do dynamic sandboxing: it evaluates a single R expression within a temporary fork which acts as a sandbox by enforcing fine grained restrictions without affecting the main R process. Recent versions on this package can also be installed on systems without libapparmor, in which case some features are automatically disabled.


News

2.0.2

  • Advertise that package can be installed on non-apparmor systems
  • Improve onAttach message on non-apparmor systems

2.0.1

  • Configure script automatically sets NO_APPARMOR if kernel was built without AppArmor
  • Disable unit tests for CMD check due to CRAN issues

2.0.0

  • Complete rewrite using .Call instead of .C interface
  • Use configure-vars='NO_APPARMOR=1' to build on Fedora / CentOS 7
  • Workaround for race condition in parallel::mccollect()

1.0.2

  • Add timer to eval.secure for better error messages
  • Add 0.01s of pause in eval.secure
  • Fix some unit tests
  • Change closeAllConnections default to FALSE

1.0.1

  • changed method to find libapparmor.so in configure file to work on recent distributions.
  • adding closeAllConnections argument to eval.secure

1.0.0

  • Remove setInteractive code. CRAN no longer allows this, and mcparallel now disables interactivity by default.
  • Move 'debian' dir from root into /tools/
  • Added JSS PDF and CITATION files
  • Bump to 1.0.0 to official release with JSS publication.

0.8.3:

  • wrapped rlimit examples in \dontrun{} blocks.
  • wrapped setaffinity example in \dontrun() block.
  • updated and renamed vignette.

0.8.2:

  • modified license.
  • turned JSS paper into vignette

0.8.1:

  • minor improvement to kill child of eval.secure

0.8.0:

  • Bump version to signify release to CRAN.

0.7.4:

  • added unittests function
  • added stuff to prevent interactivity in eval.secure
  • small fixes and renames

0.7.3:

  • added setinteractive function
  • added 'interactive' parameter to eval.secure
  • more unit tests

0.7.2:

  • Started adding unit tests
  • New internal function errno()
  • Linux error messages for all calls (based on errno.h)

0.7.1:

  • Added .onAttach diagnostics
  • Added error messages to aa_getcon and aa_is_enabled.

0.7.0:

  • added setaffinity, getaffinity, getaffinity_count, nproc
  • updated eval.secure to support affinity
  • updated URL and OS_type fields in DESCRIPTION
  • added some references to the documentation

0.6.0:

  • using pgid to kill potential forks
  • added verbose parameters to suppress C output
  • bugfix when the output has multiple classes

Reference manual

It appears you don't have a PDF plugin for this browser. You can click here to download the reference manual.

install.packages("RAppArmor")

2.0.2 by Jeroen Ooms, 10 months ago


http://www.jstatsoft.org/v55/i07/ http://github.com/jeroenooms/RAppArmor#readme


Report a bug at http://github.com/jeroenooms/RAppArmor/issues


Browse source code at https://github.com/cran/RAppArmor


Authors: Jeroen Ooms


Documentation:   PDF Manual  


Apache License (== 2.0) license


Imports parallel

Depends on tools

Suggests testthat, R.rsp

System requirements: linux (>= 3.0), libapparmor-dev (optional)


Suggested by opencpu.


See at CRAN