On Sun, 2006-04-09 at 13:45 -0400, Jonathan Vanasco wrote:
> On Apr 9, 2006, at 5:02 AM, Kevin A. McGrail wrote:
>
> > I'm under the impression that this is the same as SELinux
> > (http://www.nsa.gov/selinux/info/faq.cfm)
>
> SELinux is at the kernel level + a few libraries, and from what I
> read AppArmor is just a library

No, AppArmor plugs into the kernel via LSM (Linux Security Modules), which SELinux uses as well.

It is really impressive. Have a look at this demo (272 meg of video!)

ftp://ftp.belnet.be/pub/mirror/FOSDEM/FOSDEM2006-apparmor.avi

It is easy to configure, adds little overhead, and allows you to build security profiles on the fly. Also, it adopts the deny-all/allow-required approach, rather than allow-all, deny-this-that-and-the-other-thing.

Also (and I forgot the details), I'm pretty sure it allows you to separate permissions for different Perl scripts running under mod_perl.

clint