Date: 2014-05-16

Linux Security Framework -- Introduction to the AppArmor Mechanism

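 AppArmor is a mechanism similar to SELinux. Its main purpose is to set access-control permissions for an individual executable: it can restrict which directories and files the program may read or write, whether it may open, read, or write network ports, and so on.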

    Novell's description of AppArmor:

AppArmor is designed to provide easy-to-use application security for both servers and workstations. Novell AppArmor is an access control system that lets you specify per program which files the program may read, write, and execute. AppArmor secures applications by enforcing good application behavior without relying on attack signatures, so it can prevent attacks even if they are exploiting previously unknown vulnerabilities.
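The per-program file, execute, and network rules described above look like this in a profile. This is an added illustration, not taken from the original article or from Novell; the program name /usr/local/bin/example-daemon and all of its paths are hypothetical.

```apparmor
# Hypothetical profile for an example network daemon (all paths are assumptions).
#include <tunables/global>

/usr/local/bin/example-daemon {
  # Shared-library loading, locale data and other basics every program needs.
  #include <abstractions/base>

  # Configuration: read-only.
  /etc/example-daemon/ r,
  /etc/example-daemon/** r,

  # State directory: read, write and file locking.
  /var/lib/example-daemon/ rw,
  /var/lib/example-daemon/** rwk,

  # Log file: write access only.
  /var/log/example-daemon.log w,

  # The only helper the daemon may execute; it inherits this profile (ix).
  /bin/gzip ix,

  # Networking: TCP over IPv4 and IPv6, plus permission to bind ports below 1024.
  network inet stream,
  network inet6 stream,
  capability net_bind_service,

  # Explicit denials take precedence over allow rules and are not audited by default.
  deny /etc/shadow r,
  deny @{HOME}/.ssh/** rw,

  # Anything not listed above is denied once the profile is in enforce mode.
}
```

Saved under /etc/apparmor.d/, the profile can be loaded with `apparmor_parser -r` and switched between complain (log only) and enforce mode with `aa-complain` and `aa-enforce`.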

    The choice of AppArmor over SELinux here rests mainly on two reasons:

  • For beginners, AppArmor is simpler than SELinux
  • As an Ubuntu fan: Ubuntu chose AppArmor; by the same token, if you are a Fedora fan, you will obviously choose SELinux

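    To be fair, SELinux is more secure and more flexible than AppArmor, and it is also more complex to configure. The biggest difference between SELinux and AppArmor is: Apparm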