On 3/30/21 10:54 AM, Murali Selvaraj wrote: > Hi All, > > As per my understanding with the help of Apparmor profile we are > restricting the access to the process in terms of > its resources/namespaces. > > It looks similar to hardening where we are restricting the resources to > process. > correct
> Does it mean, technically Hardening and Apparmor profiles look the > same or different? Can you please share your comments. > AppArmor is a form of hardening, specifically its a mandatory access control system. Think of it like a sandbox with fine grained sharing. Hardening is an umbrella term that covers a whole bunch of different things you can do to protect an application or system. It can be things like: compiler hardening eg. inserting check for stack frame overflow before return, address space layout randomization (ASLR), mandatory access control, containerization, even memory encryption. You can get an idea of how broad the topic is by looking at the set of different hardening techniques ubuntu has applied to different parts of their distro (other distro do it to, I just happen to have this link handy). https://wiki.ubuntu.com/Security/Features -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
