perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clinton Gormley <cl...@traveljury.com>
Subject Re: AppArmor - makes mod_perl/mod_php safer on linux
Date Mon, 10 Apr 2006 12:31:13 GMT
On Sun, 2006-04-09 at 13:45 -0400, Jonathan Vanasco wrote:
> On Apr 9, 2006, at 5:02 AM, Kevin A. McGrail wrote:
> 
> > I'm under the impression that this is the same as SELinux
> > (http://www.nsa.gov/selinux/info/faq.cfm)
> 
> SELinux is at the kernel level + a few libraries, and from what i  
> read appArmor is just a library

No, appArmor plugs into the kernel via LSM (Linux Security Modules),
which SELinux uses as well. It is really impressive. Have a look at this
demo (272 meg of video!)
ftp://ftp.belnet.be/pub/mirror/FOSDEM/FOSDEM2006-apparmor.avi

It is easy to configure, adds little overhead, and allows you to build
security profiles on the fly.  Also, it adopts the
deny-all/allow-required approach, rather then allow-all,
deny-this-that-and-the-other-thing.

Also, (and I forgot the details) but I'm pretty sure it allows you to
separate permissions for different perl scripts running under mod-perl.

clint



Mime
View raw message