A Novell® AppArmor profile represents security policy for an individual program instance or process. It applies to an executable program, but if a portion of the program needs different access permissions than other portions, the program can change hats to use a different security context, distinct from the access of the main program. This is known as a hat or subprofile.
ChangeHat enables programs to change to or from a hat within a Novell AppArmor profile. It enables you to define security at a finer level than the process. This feature requires that each application be made changehat aware, meaning that it is modified to make a request to the Novell AppArmor module to switch security domains at arbitrary times during the application execution.
A profile can have an arbitrary number of subprofiles, but there are only two levels: a subprofile cannot have further sub-subprofiles. A subprofile is written as a separate profile and named as the containing profile followed by the subprofile name, separated by a ^. Subprofiles must be stored in the same file as the parent profile.
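A changehat-aware program, as an added example that is not from the original text or the AppArmor project: it builds and sends the change_hat request the way libapparmor's aa_change_hat() does internally, entering a hat with a random secret token and returning to the parent profile with the same token. The profile, paths and hat name in the comments are hypothetical.

```c
/* Added example, not from the original text. Mirrors what libapparmor's
 * aa_change_hat() does internally: write "changehat <token, 16 hex digits>^<hat>"
 * to /proc/<tid>/attr/current; an empty hat name returns to the parent profile.
 * Assumed (hypothetical) profile with one hat, which the text would name
 * /usr/local/bin/demo^UNTRUSTED_INPUT:
 *   /usr/local/bin/demo { /etc/demo.conf r,
 *     ^UNTRUSTED_INPUT { /var/lib/demo/scratch/** rw, } }
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Build the request; hat == NULL means "return to the parent profile".
 * Returns the string length, or -1 if buf is too small. */
int build_changehat_request(unsigned long token, const char *hat, char *buf, size_t size)
{
    int n = snprintf(buf, size, "changehat %016lx^%s", token, hat ? hat : "");
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}
/* Send the request for this (single-threaded) process. Returns 0, or -1 with errno
 * set when no profile is enforced, the hat does not exist, or the token does not
 * match the one used to enter the hat. */
int change_hat_raw(unsigned long token, const char *hat)
{
    char req[256];
    int len = build_changehat_request(token, hat, req, sizeof req);
    if (len < 0) { errno = ENAMETOOLONG; return -1; }
    int fd = open("/proc/self/attr/current", O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, req, (size_t)len);
    close(fd);
    memset(req, 0, sizeof req);   /* the token is a secret: clear the local copy */
    return w == len ? 0 : -1;
}
int main(void)
{
    unsigned long token = 0;      /* random secret; code run inside the hat must not learn it */
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0 || read(fd, &token, sizeof token) != (ssize_t)sizeof token || token == 0) {
        perror("token"); return 1;
    }
    close(fd);
    if (change_hat_raw(token, "UNTRUSTED_INPUT") != 0) { perror("enter hat"); return 1; }
    /* ... process untrusted input under the narrower subprofile ... */
    if (change_hat_raw(token, NULL) != 0) { perror("return to parent"); return 1; }
    return 0;
}
```

Run unconfined, the enter step fails with an errno from the kernel, which is the expected behaviour when no profile with that hat is enforced for the process.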
NOTE: For more information see the change_hat man page.