aa-exec Man page

AA-EXEC(8) AppArmor AA-EXEC(8)


aa-exec – confine a program with the specified AppArmor profile


aa-exec [options] [–] [ …]


aa-exec is used to launch a program confined by the specified profile
and or namespace. If both a profile and namespace are specified
command will be confined by profile in the new policy namespace. If
only a namespace is specified, the profile name of the current
confinement will be used. If neither a profile or namespace is
specified command will be run using standard profile attachment (ie. as
if run without the aa-exec command).

If the arguments are to be pasted to the being invoked by aa-
exec then — should be used to separate aa-exec arguments from the
aa-exec -p profile1 — ls -l

OPTIONS aa-exec accepts the following arguments:
-p PROFILE, –profile=PROFILE
confine with PROFILE. If the PROFILE is not specified use
the current profile name (likely unconfined).

use profiles in NAMESPACE. This will result in confinement
transitioning to using the new profile namespace.

-i, –immediate
transition to PROFILE before doing executing . This
subjects the running of to the exec transition rules of
the current profile.

-v, –verbose
show commands being performed

-d, –debug
show commands and error codes

— Signal the end of options and disables further option processing.
Any arguments after the — are treated as arguments of the command.
This is useful when passing arguments to the being
invoked by aa-exec.


If you find any bugs, please report them at


aa-stack(8), aa-namespace(8), apparmor(7), apparmor.d(5),
aa_change_profile, aa_change_onexec(3) and

AppArmor 2.10.95 2016-10-07 AA-EXEC(8)