perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: AppArmor - makes mod_perl/mod_php safer on linux
Date Tue, 11 Apr 2006 01:35:26 GMT
Clinton Gormley wrote:
> On Sun, 2006-04-09 at 13:45 -0400, Jonathan Vanasco wrote:
> 
>>On Apr 9, 2006, at 5:02 AM, Kevin A. McGrail wrote:
>>
>>
>>>I'm under the impression that this is the same as SELinux
>>>(http://www.nsa.gov/selinux/info/faq.cfm)
>>
>>SELinux is at the kernel level + a few libraries, and from what i  
>>read appArmor is just a library
> 
> 
> No, appArmor plugs into the kernel via LSM (Linux Security Modules),
> which SELinux uses as well. It is really impressive. Have a look at this
> demo (272 meg of video!)
> ftp://ftp.belnet.be/pub/mirror/FOSDEM/FOSDEM2006-apparmor.avi
> 
> It is easy to configure, adds little overhead, and allows you to build
> security profiles on the fly.  Also, it adopts the
> deny-all/allow-required approach, rather then allow-all,
> deny-this-that-and-the-other-thing.
> 
> Also, (and I forgot the details) but I'm pretty sure it allows you to
> separate permissions for different perl scripts running under mod-perl.

according to the presenter -- it does.


-- 
_____________________________________________________________
Stas Bekman mailto:stas@stason.org  http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book       http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/


Mime
View raw message