Hi, I want to experiment with caitsith to restrict processes' ability to modify/read data from other processes (I am not sure how that affects inter process communication). The following example should prevent processes to read /proc/\$/mem of processes from a different user (root can still read everything). 10 acl read /proc/\$/mem 1 allow task.euid=0 10 allow task.euid=path.uid 100 deny Is it possible to bind '\$' for a query occurring during run-time and then use it in the rules? With the following, I want to allow only root and the current process to read its /proc/\$/mem. Is something like this possible with caitsith? 10 acl read /proc/\$/mem 1 allow task.euid=0 10 allow task.pid=\$ 100 deny Thanks, Torsten