Hi,

I'm interested in getting feedback from anyone who has deployed AppArmor in a corporate environment. Specifically I would like to know:

1. How much of a performance hit can I expect with AppArmor ?

2. Is it buggy ? How good is the support from SuSe for AppArmor ?

3. How user friendly is the policy parser ?

4. What are the basic gotcha's that I should be aware of when setting it up ?

5. How much disk space should I allocate for event logs ?

6. Is AppArmor better than SELinux ?

7. In your opinion, given the additional burden of managing and maintaining AppArmor, is it worth it ?

Any feedback would be appreciated. Thanks,

Dave

1. I'd expect minimal, as its kernel based File Access Controls, its sortof not really a process (Like Real Time Virus Scanning)

2. Buggy, not that I have come across, not sure about support although.

3. Easy, easy, easy. The conf files are simple, logprof is easy. The yast2 interface is probably just as easy.

4. Know what your app should be doing, Exercise it, exercise it and exercise it again. Review the profiles manaully helps too. Understand the syntax of conf files also.

5. Depends if you want to audit your applications, or just set and forget, I current have 66MB in apparmor log directory. 1 or 2GB for you /var maybe?

6. Different but so much more easier IMHO.

7. Yes. Easy as yell to setup and set and forget. Dont forget to setup application to complain and restart services when troubleshooting buggy applications, webservers playing up etc. A small headache there for a few days. lol.

Read to documentation on the OpenSuSe wiki its very good. SuSE CLE courseware has some good explanations on it.