Posted by: Administrator
on August 24, 2006 07:06 PM
I would describe it as "Process Rights Management" rather than a sandbox. Each AppArmor profile is associated with a named executable and controls what resources that executable can access. The control can be very fine-grained. A sandbox (in my view) is more coarse-grained (e.g. "the application cannot access the local file system") and applies to an entire set of applications, not just one named executable.