Comment #2 on issue 483 by ar...@maven.pl: add apparmor support
http://code.google.com/p/psutil/issues/detail?id=483
http://manpages.ubuntu.com/manpages/saucy/man2/aa_getcon.2.html and
aa_gettaskcon is what interests us.
Such code:
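#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/apparmor.h>

int main(void) {
    char *b1, *b2;  /* b1: context buffer; b2: mode, pointing into b1's buffer */
    pid_t i;

    for (i = 0; i < 100000; i++) {
        if (aa_gettaskcon(i, &b1, &b2) != -1) {
            /* mode comes back NULL for unconfined tasks */
            printf("[%s] [%s]\n", b1, b2 ? b2 : "(null)");
            free(b1);  /* caller owns the context buffer; mode is not freed */
        }
    }
    return 0;
}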
gets us:
[/usr/sbin/pure-ftpd] [enforce]
[unconfined] [(null)]
[unconfined] [(null)]
[unconfined] [(null)]
[/usr/sbin/httpd.prefork] [enforce]
[/usr/sbin/httpd.prefork//HANDLING_UNTRUSTED_INPUT] [enforce]
so the API for this could be a tuple (context, mode)
(terms from the man page; it's not file, not profile according to the man page,
it's context and mode)
Note, on Linux with AppArmor disabled (# CONFIG_SECURITY_APPARMOR is not
set) you can't access that file:
$ LC_ALL=C cat /proc/4393/attr/current
cat: /proc/4393/attr/current: Invalid argument
AppArmor is part of the upstream Linux kernel, so well... worth considering
supporting it. Same for SELinux tags.
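
Added example, not part of the original comment and not psutil's own code: a Python reading of the (context, mode) tuple proposed above, taken from /proc/<pid>/attr/current and returning None on the EINVAL case shown in the comment. The function names and the `procfs` parameter are hypothetical, and the code assumes AppArmor is the LSM that owns that file.

```python
import errno
import os


def parse_apparmor_label(raw):
    """Split the text of /proc/<pid>/attr/current into (context, mode)."""
    label = raw.strip("\x00\n ")
    # Confined tasks read "<context> (<mode>)"; "unconfined" carries no mode.
    # Split on the last " (" so a context that itself contains " (" survives.
    if label.endswith(")") and " (" in label:
        context, _, mode = label.rpartition(" (")
        return context, mode[:-1]
    return label, None


def apparmor_context(pid, procfs="/proc"):
    """Return (context, mode) for pid, or None if the kernel exposes no label.

    Hypothetical helper; `procfs` is overridable so it can be tested offline.
    Assumes AppArmor is the LSM writing attr/current (SELinux uses the same file).
    """
    path = os.path.join(procfs, str(pid), "attr", "current")
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except OSError as exc:
        # AppArmor compiled out or disabled: the access fails with EINVAL.
        if exc.errno == errno.EINVAL:
            return None
        raise  # ENOENT (process gone), EACCES, ... are left to the caller
    text = raw.decode("utf-8", "replace")
    if not text.strip("\x00\n "):
        return None
    return parse_apparmor_label(text)


if __name__ == "__main__":
    # Constructed sample lines in the kernel's "<context> (<mode>)" layout.
    for sample in ("/usr/sbin/pure-ftpd (enforce)\n", "unconfined\n"):
        print(parse_apparmor_label(sample))
```

Returning None separately from ("unconfined", None) lets a caller tell "AppArmor is not available" apart from "AppArmor is active but this task has no profile".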