Per the documentation, a very small one. A few percentage points.

I haven’t had any issues with it though I do not tinker with it much.

For an initial setup I think it’s pretty nice. It has a “learning
mode” that lets you just turn it on for a process and then do your normal
(non-malicious) stuff and then it walks you through tuning what it found.

If you start seeing completely strange issues, a first step when using
LSM in any form (SELinux, AppArmor, or other) is to disable the
functionality to see if that is related. Because it works at the kernel
level this can stop ANYTHING from happening, whether you are root or not.
For example I’ve used it to prevent root-powerful processes from using
the ls command. Be careful when setting up your rules or you can make
life painful for yourself in a hurry.

I guess this depends on your environment. Try for a while and add
more if needed. I’m guessing hundreds of MB would be a nice amount of
room. Use aggressive log management to handle things if they get beyond that.

It’s the same backend, so it’s just the frontend you need to worry
about. SELinux is not something I’ve done much with but my experience
with it has shown it to be perhaps a little complex overall. It may have
some additional possibilities via the provided tools as well though I am
not experienced enough in either technology to know for sure.

Putting a server where it may be attacked? Yes. For your personal
laptop that has the firewall covering all ports 24x7 anyway? Probably not
(at least not beyond any defaults).

Good luck.
DaveInRoseville wrote:
> Hi,
>
> I’m interested in getting feedback from anyone who has deployed
> AppArmor in a company environment. Specifically I would like to know:
>
> 1. How much of a performance hit can I expect with AppArmor ?
>
> 2. Is it buggy ? How good is the support from SuSe for AppArmor ?
>
> 3. How user friendly is the policy parser ?
>
> 4. What are the basic gotcha’s that I should be aware of when setting
> it up ?
>
> 5. How much disk space should I allocate for event logs ?
>
> 6. Is AppArmor better than SELinux ?
>
> 7. In your opinion, given the additional burden of managing and
> maintaining AppArmor, is it worth it ?
>
> Any feedback would be appreciated. Thanks,
>
> Dave
>
>
are you using openSUSE “in a company environment”?? if you are, you
are one brave dude/dudette!
let me GUESS you are running SUSE Linux Enterprise Server and/or
Desktop (aka: SLES and SLED)…am i right? if so, you need to
recognize that while SLES/D version 10 or 11 are similar to openSUSE’s
current version 11.1 they are NOT the same…
here, you are in a “community” of openSUSE users and volunteer
helpers…we fight the bugs before Novell polishes them up and SELLS
SLES and SLED…and we try to help the new folks fleeing lesser
products in droves…
if you are using an Enterprise product then you paid for them, and for
the support you should get from Novell and the users of Novell’s
products in forums.novell.com
otoh, if you really are brave enough to use this half-baked loaf, then
say so…and, maybe there are a few around here who can answer…
hmmmm…i think AppArmor (set at some useful but non-intrusive level)
is included in the default install of openSUSE…i’ve never been
‘afraid’ of intrusion enough to fiddle with it or the default
firewall (on the other hand i am behind a hardware firewall (in my router,
connected to a ISP provided “ADSL modem”) and i have a STRONG
password, STRONGER root pass, run rkhunter, running no ftpd, sshd,
apache, etc etc etc, have even ping turned off and and and…BUT,
have never fiddled with AppArmor…so, i can’t help more…