Hello Tetsuo! I Hope everything is fine at this hard moment,
Recently, I have been trying to develop an Akari policy but I have encountered a problem when I try to restrict the "kill" comand from the bash shell. If I use /bin/kill or /usr/bin/kill from command line, I can control what happens because these programs have a self domain in domainpolicy, but when I use the shell built-in command "kill" It does not have a self domain, so if the bash shell is permitted in a certain domain it can kill every process without that explicit permission. How can I avoid or prevent that? I have been watching the AKARI documentation pages and I miss the "ipc signal" directive, but in Tomoyo 1.8 It is present. And in the comparison table between AKARI/Tomoyo seems that Akari can control IPC signals. Is there a way to control the ipc signals sended from shell bash? Best Regards. Gabriel Borges.
_______________________________________________ tomoyo-users-en mailing list tomoyo-users-en@lists.osdn.me https://lists.osdn.me/mailman/listinfo/tomoyo-users-en
