.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "AA-EXEC 1" .TH AA-EXEC 1 2024-08-15 "AppArmor 4.0.3" AppArmor .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME aa\-exec \- confine a program with the specified AppArmor profile .SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBaa-exec\fR [options] [\-\-] [\fI\fR ...] .SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBaa-exec\fR is used to launch a program confined by the specified profile and or namespace. If both a profile and namespace are specified command will be confined by profile in the new policy namespace. If only a namespace is specified, the profile name of the current confinement will be used. If neither a profile or namespace is specified command will be run using standard profile attachment (ie. as if run without the aa-exec command). .PP If the arguments are to be pasted to the \fI\fR being invoked by aa-exec then \-\- should be used to separate aa-exec arguments from the command. aa-exec \-p profile1 \-\- ls \-l .SH "OPTIONS \fBaa-exec\fP accepts the following arguments:" .IX Header "OPTIONS aa-exec accepts the following arguments:" .IP "\-p PROFILE, \-\-profile=PROFILE" 4 .IX Item "-p PROFILE, --profile=PROFILE" confine \fI\fR with PROFILE. If the PROFILE is not specified use the current profile name (likely unconfined). .IP "\-n NAMESPACE, \-\-namespace=NAMESPACE" 4 .IX Item "-n NAMESPACE, --namespace=NAMESPACE" use profiles in NAMESPACE. This will result in confinement transitioning to using the new profile namespace. .IP "\-i, \-\-immediate" 4 .IX Item "-i, --immediate" transition to PROFILE before doing executing \fI\fR. This subjects the running of \fI\fR to the exec transition rules of the current profile. .IP "\-v, \-\-verbose" 4 .IX Item "-v, --verbose" show commands being performed .IP "\-d, \-\-debug" 4 .IX Item "-d, --debug" show commands and error codes .IP \-\- 4 Signal the end of options and disables further option processing. Any arguments after the \-\- are treated as arguments of the command. This is useful when passing arguments to the \fI\fR being invoked by aa-exec. .SH BUGS .IX Header "BUGS" If you find any bugs, please report them at .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBaa\-stack\fR\|(8), \fBaa\-namespace\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_profile\fR\|(3), \&\fBaa_change_onexec\fR\|(3) and .