[tomoyo-users-en 230] Tomoyo as a desktop firewall

Laurence Darby ldarb****@tuffm*****
Mon Nov 8 00:54:29 JST 2010


Hi,

Most if not all firewalls on MS Windows have a feature that they will
alert you when an unauthorised program is trying to access the network, 
and let you allow or deny it.  I've mostly got Tomoyo to do this now,
using the examples in
http://tomoyo.sourceforge.jp/1.7/tutorial-7.html.en

The main issue is that ccs-queryd needs to be left running continuously,
and pop up when needed.  Here is a silly patch that makes it do this, so
you can see what I mean:

--- ccstools.src/queryd.c.orig  2010-11-05 05:36:51.000000000 +0000
+++ ccstools.src/queryd.c       2010-11-07 14:26:43.000000000 +0000
@@ -356,6 +356,9 @@
                _printw("ERROR: Unsupported query.\n");
                return false;
        }
+
+       system ("wmctrl -R ccs-queryd");
+
        *(cp - 1) = '\0';
        /*
        if (0 && !retries && check_path_info(buffer)) {
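
Review bot: the added `system ("wmctrl -R ccs-queryd");` just before `*(cp - 1) = '\0';` runs an external program through the shell with a PATH lookup and ignores the return value, so a missing wmctrl, a missing X display or a window with a different title fails silently, and whichever `wmctrl` comes first in PATH is executed inside the policy query handler. Consider fork() plus execv() with an absolute path to wmctrl, checking the exit status and reporting a failure through `_printw()`, and putting the call behind a command-line option so that ccs-queryd on a console without X is unaffected. system() also blocks until the child exits, which delays displaying the prompt for the pending query; not waiting on the child in the query path would avoid that.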

and to make that work you'd have to set the xterm's title that's
running ccs-query to be "ccs-queryd".  Another requirement is that it's
started at bootup (or user login).  Perhaps it could be implemented as
a daemon, that calls dbus and libnotify, or whatever the mechanism is
that desktops use for popups these days.

Another issue is that I think the kernel's state and the on-disk config
should be synchronised, i.e. ccs-savepolicy should be called every time
a change is made, because I don't want to have to remember there is
unsaved state in the kernel.  That'll be another one-line patch to
ccs-queryd :)

Regards,
Laurence