[Apparmor-general] apparmor vs chroot
Michael James
Michael.James at csiro.au
Tue Mar 6 22:35:17 MST 2007
AppArmor provides a more flexible, more secure alternative to chroot.
Is this true to the extent that it should completely replace chroot?
Does this mean we can safely ditch all the chroot cruft
surrounding daemons like dhcpd, named, postfix, etc?
What's the philosophy of the profile writers, do we plan to do it?
Are there sets of AppArmor profiles designed for un-chroot-ed daemons?
I'm asking this question largely in a SuSE context,
hoping to reduce the named init script to something manageable.
TIA
--
Michael James michael.james at csiro.au
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
SAP is marketed as an effective solution for businesses.
What they don't tell you is, it's an embalming solution.
More information about the Apparmor-general
mailing list