Because CaitSith has the functionality to create deny rules, I was wondering if you would be open to adding functionality to caitsith-queryd to ignore certain deny rules. I would like to propose a "query 0" rule which, when triggered with caitsith-queryd running, would silently bypass prompting.
For example, using the following ruleset I am trying to block inet_stream_connect connections for all applications, except those I've whitelisted. I want to be prompted by queryd for violations of this rule like normal. However, I also want to block blacklisted applications and not be prompted by caitsith-queryd.

0 acl inet_stream_connect
    audit 1
    query 0
    10 deny task.exe="/usr/bin/rsync"
10 acl inet_stream_connect
    audit 1
    10 allow task.exe="/usr/bin/curl"
    100 deny

If this functionality already exists through more clever rule writing, please excuse my ignorance. If not, any consideration you may give to my idea would be appreciated.
_______________________________________________
tomoyo-users-en mailing list
tomoyo-users-en@lists.osdn.me
http://lists.osdn.me/mailman/listinfo/tomoyo-users-en