[apparmor] KVM + AppArmor
Seth Arnold
seth.arnold at gmail.com
Sun Feb 26 23:27:47 UTC 2012
AppArmor works exactly the same inside a KVM as outside -- there are no crazy kernel-sharing tricks ala OpenVZ so it looks just like booted on raw iron from AppArmor's perspective.
I've used it both for testing debug versions of AppArmor as well as confining applications that required newer OS installs.
There's even some clever work done via libvirt to provide confinement to the qemu _process_ that runs in the host, at least if you use the virt-manager tool. (Nice work there.)
-----Original Message-----
From: Jeroen Ooms <jeroen.ooms at stat.ucla.edu>
Sender: apparmor-bounces at lists.ubuntu.com
Date: Sun, 26 Feb 2012 13:41:08
To: <apparmor at lists.ubuntu.com>
Subject: [apparmor] KVM + AppArmor
--
AppArmor mailing list
AppArmor at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
More information about the AppArmor
mailing list