[apparmor] KVM + AppArmor
Jeroen Ooms
jeroen.ooms at stat.ucla.edu
Mon Feb 27 00:03:16 UTC 2012
Perfect, that is the answer I was hoping for.
On Sun, Feb 26, 2012 at 3:27 PM, Seth Arnold <seth.arnold at gmail.com> wrote:
> AppArmor works exactly the same inside a KVM as outside -- there are no
> crazy kernel-sharing tricks ala OpenVZ so it looks just like booted on raw
> iron from AppArmor's perspective.
>
> I've used it both for testing debug versions of AppArmor as well as
> confining applications that required newer OS installs.
>
> There's even some clever work done via libvirt to provide confinement to
> the qemu _process_ that runs in the host, at least if you use the
> virt-manager tool. (Nice work there.)
> -----Original Message-----
> From: Jeroen Ooms <jeroen.ooms at stat.ucla.edu>
> Sender: apparmor-bounces at lists.ubuntu.com
> Date: Sun, 26 Feb 2012 13:41:08
> To: <apparmor at lists.ubuntu.com>
> Subject: [apparmor] KVM + AppArmor
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120226/05bf8566/attachment.html>
More information about the AppArmor
mailing list