This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Re:Sandbox?

Posted by: Administrator on August 24, 2006 07:06 PM
I would describe it as "Process Rights Management" rather than a sandbox. Each app armor profile is associated with a named executable and controls what resources that executable can access. The control can be very fine-grained. A sandbox (in my view) is more course-grained (e.g. "the application cannot access the local file system") and applies to an entire set of applications, not just one named executable.

#

Return to Protect your applications with AppArmor