Hi,

I want to experiment with CaitSith to restrict processes' ability to modify/read data from other processes (I am not sure how that affects inter-process communication).

The following example should prevent processes from reading /proc/\$/mem of processes belonging to a different user (root can still read everything).

    10 acl read /proc/\$/mem
        1 allow task.euid=0
        10 allow task.euid=path.uid
        100 deny

Is it possible to bind '\$' for a query occurring during run-time and then use it in the rules? With the following, I want to allow only root and the current process to read its /proc/\$/mem. Is something like this possible with CaitSith?

    10 acl read /proc/\$/mem
        1 allow task.euid=0
        10 allow task.pid=\$
        100 deny

Thanks,
Torsten

_______________________________________________
tomoyo-users-en mailing list
tomoyo-users-en@lists.osdn.me
http://lists.osdn.me/mailman/listinfo/tomoyo-users-en
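An added probe for checking either of the policies above once loaded (this is example code, not part of the original post and not from the CaitSith project): for each PID given, it reports whether the calling user can open /proc/PID/mem for reading, which is the open() that a CaitSith "read" ACL on /proc/\$/mem mediates. Run it as the restricted user before and after loading the policy and compare the verdicts. One caveat to keep in mind: the kernel's own ptrace access check (and Yama's ptrace_scope, where enabled) already refuses most cross-user opens of /proc/PID/mem, so a "deny" may come from the kernel rather than from the policy, whereas an unexpected "allow" is always worth investigating. The script name probe-mem.sh is an assumption.

```shell
#!/bin/sh
# probe-mem.sh (assumed name): report whether this user can open
# /proc/PID/mem read-only, i.e. whether a "read /proc/\$/mem" ACL lets
# the open() through. Example code, not from the original post or CaitSith.

mem_readable() {
    # Returns 0 if /proc/$1/mem can be opened read-only, 1 otherwise.
    # The open is done by exec in a subshell so that a refused open
    # (EACCES/EPERM, from the policy or from the kernel's ptrace check)
    # only kills the subshell; stderr is silenced, the status is the verdict.
    ( exec 3< "/proc/$1/mem" ) 2>/dev/null
}

owner_uid() {
    # Owner of the target's /proc entry, the value path.uid takes in the
    # "task.euid=path.uid" rule. Prints nothing if the PID does not exist.
    stat -c %u "/proc/$1" 2>/dev/null
}

probe() {
    # Print one line per target: caller identity, target identity, verdict.
    pid=$1
    if mem_readable "$pid"; then verdict=allow; else verdict=deny; fi
    printf 'caller euid=%s pid=%s -> target pid=%s uid=%s : %s\n' \
        "$(id -u)" "$$" "$pid" "$(owner_uid "$pid")" "$verdict"
}

# Usage: ./probe-mem.sh [pid ...]
# With no arguments, probe this shell itself (should always be "allow",
# since a process may open its own /proc/self/mem) and PID 1 (expected
# "deny" for an unprivileged user under either policy).
[ $# -gt 0 ] || set -- "$$" 1
for p in "$@"; do probe "$p"; done
```

To test the second policy's intent, run the script from the process whose memory is in question (its own PID must be "allow") and from a second shell owned by the same user (which must be "deny" if the policy really limits the reader to the owning process rather than the owning user).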