Thank you so much for researching and resolving this. It seems to be working now indeed.
Additional question: after switching profiles, I cannot switch back anymore. Which privileges exactly are required to be able to call aa_change_profile?

J

On Thu, Apr 26, 2012 at 1:28 PM, Steve Beattie <[email protected]> wrote:
> Hi Jeroen,
>
> On Thu, Apr 26, 2012 at 12:25:16PM -0700, Jeroen Ooms wrote:
>> If it is helpful, here are some instructions to reproduce the problem.
>> I am using Ubuntu 11.10.
>>
>> # one time install:
>> sudo apt-get install r-base libapparmor-dev
>> wget http://www.stat.ucla.edu/~jeroen/files/rApparmor_0.1.tar.gz
>> sudo R CMD INSTALL rApparmor_0.1.tar.gz
>>
>> # start R:
>> R
>>
>> # enter these commands in the R console:
>> library(rApparmor)
>> aa_change_profile("testprofile")
>
> The issue here is a type-mismatch in your wrapper code. From the Writing
> R Extensions manual, section 5.2
> http://cran.r-project.org/doc/manuals/R-exts.html#Interface-functions-_002eC-and-_002eFortran
>
>   The following table gives the mapping between the modes of R vectors
>   and the types of arguments to a C function or FORTRAN subroutine.
>
>   R storage mode    C type     FORTRAN type
>   [SNIP]
>   character         char **    CHARACTER*255
>
> Your wrapper functions don't take this into account:
>
>   void aa_change_profile_wrapper (int *ret, char *profile) {
>     *ret = aa_change_profile (profile);
>     if(ret != 0){
>       *ret = errno;
>     }
>   }
>
> You need to convert the "char *profile" declaration to "char
> **profile" and then evaluate one level of pointer in the
> aa_change_profile() call, like so:
>
>   void aa_change_profile_wrapper (int *ret, char **profile) {
>     *ret = aa_change_profile (*profile);
>     if(*ret != 0){   /* test the returned value, not the pointer */
>       *ret = errno;
>     }
>   }
>
> When I do this, I am able to successfully make aa_change_profile calls
> from within R:
>
>   $ R
>   > library(rApparmor)
>
>   (switch to a different shell)
>
>   $ cat /proc/$(pidof R)/attr/current
>   unconfined
>
>   (back to R)
>
>   > library(rApparmor)
>   > aa_change_profile("testprofile")
>   Error in aa_change_profile("testprofile") :
>     Failed to change profile to: testprofile.
>   Error: 2
>   > aa_change_profile("/bin/ping")
>   >
>
>   (and back to the other shell)
>
>   $ cat /proc/$(pidof R)/attr/current
>   /bin/ping (enforce)
>
> I didn't look at the aa_change_hat wrapper function, but I suspect a
> similar type mis-match there as well.
>
> Thanks for trying this out! I'm really curious how well this
> functionality works in R.
>
> --
> Steve Beattie
> <[email protected]>
> http://NxNW.org/~steve/

--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
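The quoted reply confirms the profile change by reading `/proc/<pid>/attr/current` from a second shell. The following is an added example, not code from the thread or from rApparmor, that does the same check from inside the process and splits the line into label and mode; `struct confinement`, `parse_confinement` and `current_confinement` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical type: one /proc/<pid>/attr/current line, split into parts. */
struct confinement {
    char label[256]; /* profile name, or "unconfined" */
    char mode[32];   /* e.g. "enforce"; empty when no mode is shown */
};

/* Split "label (mode)\n"; returns 0 on success, -1 on malformed input. */
int parse_confinement(const char *line, struct confinement *out)
{
    size_t len = strcspn(line, "\n");
    const char *open = NULL;
    out->label[0] = out->mode[0] = '\0';
    if (len == 0) return -1;
    /* The mode is the trailing " (...)": search from the end, in case a
       profile name itself contains parentheses. */
    if (line[len - 1] == ')')
        for (size_t i = len - 1; i > 0 && !open; i--)
            if (line[i] == '(' && line[i - 1] == ' ') open = line + i;
    size_t label_len = open ? (size_t)(open - line) - 1 : len;
    if (label_len == 0 || label_len >= sizeof out->label) return -1;
    memcpy(out->label, line, label_len);
    out->label[label_len] = '\0';
    if (open) {
        size_t mode_len = len - 2 - (size_t)(open - line);
        if (mode_len >= sizeof out->mode) return -1;
        memcpy(out->mode, open + 1, mode_len);
        out->mode[mode_len] = '\0';
    }
    return 0;
}

/* Read the calling process's own confinement; -1 if unavailable. */
int current_confinement(struct confinement *out)
{
    char buf[320];
    FILE *f = fopen("/proc/self/attr/current", "r");
    if (!f) return -1;
    char *got = fgets(buf, sizeof buf, f);
    fclose(f);
    return got ? parse_confinement(buf, out) : -1;
}

int main(void)
{
    struct confinement c;
    if (current_confinement(&c) == 0) printf("%s [%s]\n", c.label, c.mode);
    return 0;
}
```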
