perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clinton Gormley <>
Subject Re: AppArmor - makes mod_perl/mod_php safer on linux
Date Mon, 10 Apr 2006 12:31:13 GMT
On Sun, 2006-04-09 at 13:45 -0400, Jonathan Vanasco wrote:
> On Apr 9, 2006, at 5:02 AM, Kevin A. McGrail wrote:
> > I'm under the impression that this is the same as SELinux
> > (
> SELinux is at the kernel level + a few libraries, and from what i  
> read appArmor is just a library

No, appArmor plugs into the kernel via LSM (Linux Security Modules),
which SELinux uses as well. It is really impressive. Have a look at this
demo (272 meg of video!)

It is easy to configure, adds little overhead, and allows you to build
security profiles on the fly.  Also, it adopts the
deny-all/allow-required approach, rather then allow-all,

Also, (and I forgot the details) but I'm pretty sure it allows you to
separate permissions for different perl scripts running under mod-perl.


View raw message