[tomoyo-users-en 678] [Caitsith] bind wildcard expressions

Torsten Wörtwein twoer****@gmail*****
Thu May 25 03:46:26 JST 2017


Hi,

I want to experiment with caitsith to restrict processes' ability to
modify/read data from other processes (I am not sure how that affects
inter-process communication).

The following example should prevent processes from reading /proc/\$/mem of
processes from a different user (root can still read everything).

10 acl read /proc/\$/mem
    1 allow task.euid=0
    10 allow task.euid=path.uid
    100 deny

Is it possible to bind '\$' for a query occurring during run-time and
then use it in the rules? With the following, I want to allow only root
and the current process to read its /proc/\$/mem. Is something
like this possible with caitsith?

10 acl read /proc/\$/mem
    1 allow task.euid=0
    10 allow task.pid=\$
    100 deny

Thanks,
Torsten
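The difference between the two policy fragments in the mail is easiest to see by evaluating them against a few constructed accesses. The following is an added toy model, not CaitSith code and not part of the original post: it assumes that entries are tried in ascending priority order and that the first matching entry decides, and it models the pid-bound variant (`task.pid=\$`) purely as the hypothetical semantics the mail asks for, without claiming that CaitSith supports it. Task, Access, UID_POLICY and PID_POLICY are names chosen for this illustration.

```python
"""Toy model of the two CaitSith ACL fragments discussed in the mail.

Added illustration, not CaitSith's engine. Assumptions:
  * entries are evaluated in ascending priority order, first match decides;
  * '\$' in the ACL path matches one run of digits (the target pid);
  * the pid-bound entry 'task.pid=\$' is HYPOTHETICAL, modelled as
    "requesting pid equals the pid matched by '\$'".
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

PROC_MEM = re.compile(r"^/proc/(\d+)/mem$")  # the ACL's '/proc/\$/mem' pattern


@dataclass
class Task:
    pid: int
    euid: int


@dataclass
class Access:
    task: Task      # the process attempting the read
    path: str       # e.g. "/proc/1234/mem"
    path_uid: int   # owner uid of the target file (uid of the target process)


# (priority, verdict, condition); the condition sees the access and the pid
# bound from '\$' and returns True when the entry matches.
Entry = Tuple[int, str, Callable[[Access, int], bool]]

# "10 acl read /proc/\$/mem" with uid-based conditions, as in the mail.
UID_POLICY: List[Entry] = [
    (1, "allow", lambda a, _: a.task.euid == 0),             # task.euid=0
    (10, "allow", lambda a, _: a.task.euid == a.path_uid),   # task.euid=path.uid
    (100, "deny", lambda a, _: True),                        # unconditional deny
]

# Hypothetical pid-bound variant: "10 allow task.pid=\$".
PID_POLICY: List[Entry] = [
    (1, "allow", lambda a, _: a.task.euid == 0),
    (10, "allow", lambda a, bound: a.task.pid == bound),     # task.pid=\$ (assumed)
    (100, "deny", lambda a, _: True),
]


def evaluate(policy: List[Entry], access: Access) -> str:
    """Return 'allow' or 'deny' for a read of access.path under the policy.

    Paths not matching the ACL pattern are outside this ACL; the model returns
    'no-match' for them instead of inventing a default verdict.
    """
    m = PROC_MEM.match(access.path)
    if not m:
        return "no-match"
    bound_pid = int(m.group(1))  # the value '\$' matched in the path
    for _prio, verdict, cond in sorted(policy, key=lambda e: e[0]):
        if cond(access, bound_pid):
            return verdict
    return "deny"


def compare() -> Dict[str, Tuple[str, str]]:
    """Decisions (uid policy, pid policy) for four constructed accesses to
    /proc/1234/mem, where pid 1234 runs as uid 1000."""
    target = "/proc/1234/mem"
    cases = {
        "same process": Access(Task(pid=1234, euid=1000), target, 1000),
        "other process, same uid": Access(Task(pid=1235, euid=1000), target, 1000),
        "other uid": Access(Task(pid=2000, euid=1001), target, 1000),
        "root": Access(Task(pid=1, euid=0), target, 1000),
    }
    return {name: (evaluate(UID_POLICY, a), evaluate(PID_POLICY, a))
            for name, a in cases.items()}


if __name__ == "__main__":
    for name, (uid_verdict, pid_verdict) in compare().items():
        print(f"{name:26} uid-policy={uid_verdict:5} pid-policy={pid_verdict}")
```

The row to look at is "other process, same uid": under the uid-based rule any process of the same user may read the target's memory, while the pid-bound rule (if it were expressible) would restrict the read to the process itself and root. Running the two policies side by side like this is a cheap way to check that a rule set actually encodes the intended isolation before loading it on a live system.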



