RAppArmor (Q33844)

Bindings to kernel methods for enforcing security restrictions. AppArmor can apply mandatory access control (MAC) policies on a given task (process) via security profiles with detailed ACL definitions. In addition this package implements bindings for setting process resource limits (rlimit), uid, gid, affinity and priority. The high level R function 'eval.secure' builds on these methods to perform dynamic sandboxing: it evaluates a single R expression within a temporary fork which acts as a sandbox by enforcing fine grained restrictions without affecting the main R process. A portable version of this function is now available in the 'unix' package.