apparmor plugin

AppArmor support plugin, which allows changing “hat” (apparmor context) when user is loaded. Context is changed back to default on user deinit. Multiple hats are supported and passed to aa_change_hatv() function.

Settings

See apparmor plugin.

You can also specify hats from user or password database extra fields. If you provide from passdb, use userdb_apparmor_hat=hat. From userdb, you can omit the userdb_ prefix.

Sample Configuration

mail_plugins = $mail_plugins apparmor

plugin {
  apparmor_hat = hat_name
}

Debugging

Enable mail_debug to see context changes.