I'm under the impression that this is the same as SELinux (http://www.nsa.gov/selinux/info/faq.cfm)
Regards, KAM
I was just at cansecwest (http://cansecwest.com/) here in Vancouver, and went to a talk by Crispin Cowan from Novell. He presented AppArmor which confines the application into a restricted mode (which files it can access and what it can and cannot do). Unlike jail/chroot AppArmor allows you to provide different profiles per script, so it might be very useful to ISPs which need to protect one user from another. It works as a linux security module (LSM) so there is very little overhead and no need to patch your kernel.
