[Please CC, I'm not subscribed to the list] Hello, thank you for the excellent piece of software that is TOMOYO Linux. I'd like this one feature implemented to extend Tomoyo's reach to more desktop use cases. The feature would be simple: allow means to call a notification executable on any failed security hook if e.g. TOMOYO_ASK is set in the profile. Of course that application would have to be added to manager.conf if it needs to change the policy, but that's irrelevant. Some simple communication protocol would have to be defined (e.g. command line options). I'm not sure if it's possible to block in an LSM hook w/o hanging the machine... I hope it is. Another semi-related feature would be to a way to disable logging for some matches. (ones expected to fail) This should reduce unnecessary clutter. Radoslaw