

Posted by: Administrator on August 24, 2006 07:06 PM
I would describe it as "Process Rights Management" rather than a sandbox. Each AppArmor profile is associated with a named executable and controls what resources that executable can access. The control can be very fine-grained. A sandbox (in my view) is more coarse-grained (e.g. "the application cannot access the local file system") and applies to an entire set of applications, not just one named executable.

