AppArmor (apparmor) Plugin

AppArmor plugin, which allows changing "hat" (apparmor context) when user is loaded. Context is changed back to default on user deinit.

Multiple hats are supported and passed to aa_change_hatv() function.

Settings

`apparmor_hat`

Default	[None]
Value	string

The AppArmor "hat" to change to when a user is loaded.

You can define multiple hats by appending an increasing number to the setting name.

Example:

plugin {
  apparmor_hat = hat_name
  apparmor_hat2 = another_hat
}

Settings: Extra Fields

You can also specify hats from user or password database extra fields.

Password Database

If you provide from passdb, use userdb_apparmor_hat=hat.

User Database

If you provide from userdb, use apparmor_hat=hat.

Sample Configuration

mail_plugins = $mail_plugins apparmor

plugin {
  apparmor_hat = hat_name
}

Debugging

Enable log_debug to see context changes.

Authentication

Databases

Mechanisms

Mail Delivery

Events

Guides

Mailbox

Formats

Sieve

Extensions

SQL

Users

Guides

Lua Support

Index Files

AppArmor (apparmor) Plugin

Settings

`apparmor_hat`

Settings: Extra Fields

Password Database

User Database

Sample Configuration

Debugging

Databases

Mechanisms

Formats

Extensions

AppArmor (apparmor) Plugin ​

Settings ​

apparmor_hat

Settings: Extra Fields ​

Password Database ​

User Database ​

Sample Configuration ​

Debugging ​

AppArmor (apparmor) Plugin

Settings

`apparmor_hat`

Settings: Extra Fields

Password Database

User Database

Sample Configuration

Debugging