> This is exactly what Immunix SubDomain does: define the files and
> network activities that each program may access. We use regular
> expressions to specify policy, so for instance, fingerd could be
> permitted to read /home/*/.plan and not read anything else.

I'm glad to hear that SubDomain exists. Can you extend the idea for individual Python/Perl scripts, or do you have to restrict all Python/Perl scripts with one policy?

- Jared
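
The per-program file policy described in the quoted text above, sketched as a default-deny check. This is an added example, not part of the original posts and not SubDomain's code or policy syntax: the `POLICY` table, the program path `/usr/sbin/in.fingerd`, and the rule that `*` stays within one path component are assumptions made for illustration.

```python
import posixpath
import re

# Hypothetical policy table (constructed for this example): each confined
# program maps to the path patterns it may read. Anything absent is denied.
POLICY = {
    "/usr/sbin/in.fingerd": {"read": ["/home/*/.plan"]},
}


def pattern_to_regex(pattern):
    """Compile a path pattern; '*' matches inside one path component only.

    Assumption of this example: letting '*' cross '/' would make
    /home/*/.plan also cover /home/alice/private/.plan.
    """
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("[^/]*".join(literal_parts))


def may_read(program, path):
    """Return True only if `program` has a read rule covering `path`."""
    if not path.startswith("/"):
        return False  # relative paths are refused rather than guessed at
    # Collapse '.', '..' and repeated slashes before matching, so that
    # /home/alice/../../etc/passwd is judged as /etc/passwd.
    # Textual check only: symbolic links are not resolved here.
    normalized = posixpath.normpath(path)
    rules = POLICY.get(program, {}).get("read", [])
    return any(pattern_to_regex(rule).fullmatch(normalized) for rule in rules)


if __name__ == "__main__":
    fingerd = "/usr/sbin/in.fingerd"
    # Constructed sample requests.
    for requested in (
        "/home/alice/.plan",
        "/home/alice/.ssh/id_rsa",
        "/home/alice/private/.plan",
        "/home/alice/../../etc/passwd",
    ):
        verdict = "allow" if may_read(fingerd, requested) else "deny"
        print(f"{verdict:5} {requested}")
```
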