AA_GETCON(2) AppArmor AA_GETCON(2)NAME
aa_getprocattr_raw, aa_getprocattr - read and parse procattr data
aa_getcon, aa_gettaskcon - get task confinement information
aa_getpeercon - get the confinement of a socket's other end (peer)
SYNOPSIS
#include <sys/apparmor.h>
int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
char **mode);
int aa_getprocattr(pid_t tid, const char *attr, char **buf, char
**mode);
int aa_gettaskcon(pid_t target, char **con, char **mode);
int aa_getcon(char **con, char **mode);
int aa_getpeercon(int fd, char **con);
Link with -lapparmor when compiling.
DESCRIPTION
The aa_getcon function gets the current AppArmor confinement context
for the current task. The confinement context is usually just the name
of the AppArmor profile restricting the task, but it may include the
profile namespace or in some cases a set of profile names (known as a
stack of profiles). The returned string *con should be freed using
free().
The aa_gettaskcon function is like the aa_getcon function except it
will work for any arbitrary task in the system.
The aa_getpeercon function is similar to that of aa_gettaskcon except
that it returns the confinement information for task on the other end
of a socket connection.
The aa_getprocattr function is the backend for the aa_getcon and
aa_gettaskcon functions and handles the reading and parsing of the
confinement data from different arbitrary attr files and returns the
processed results in an allocated buffer.
The aa_getprocattr_raw() is the backend for the aa_getprocattr function
and does not handle buffer allocation.
RETURN VALUE
On success size of data placed in the buffer is returned, this includes
the mode if present and any terminating characters. On error, -1 is
returned, and errno(3) is set appropriately.
ERRORS
EINVAL
The apparmor kernel module is not loaded or the communication via
the /proc/*/attr/file did not conform to protocol.
ENOMEM
Insufficient kernel memory was available.
EACCES
Access to the specified file/task was denied.
ENOENT
The specified file/task does not exist or is not visible.
ERANGE
The confinement data is to large to fit in the supplied buffer.
BUGS
None known. If you find any, please report them at
<https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSOapparmor(7), apparmor.d(5), apparmor_parser(8), aa_change_profile(2)
and <http://wiki.apparmor.net>.
AppArmor 2.8.2 2013-10-21 AA_GETCON(2)