Hello Tetsuo! I Hope everything is fine at this hard moment, Recently, I have been trying to develop an Akari policy but I have encountered a problem when I try to restrict the "kill" comand from the bash shell. If I use /bin/kill or /usr/bin/kill from command line, I can control what happens because these programs have a self domain in domainpolicy, but when I use the shell built-in command "kill" It does not have a self domain, so if the bash shell is permitted in a certain domain it can kill every process without that explicit permission. How can I avoid or prevent that? I have been watching the AKARI documentation pages and I miss the "ipc signal" directive, but in Tomoyo 1.8 It is present. And in the comparison table between AKARI/Tomoyo seems that Akari can control IPC signals. Is there a way to control the ipc signals sended from shell bash? Best Regards. Gabriel Borges. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.osdn.me/mailman/archives/tomoyo-users-en/attachments/20200520/78f2ba57/attachment.html>
TOMOYO
Fork