On 2023/10/05 23:54, Esteban Gil wrote:
> Hello!
>
> While digging into the audit logs, I noticed that "file execute" events
> dump envp[] info, which contains the variable USERNAME that shows which
> user has launched the process.
> This tells me that Akari is able to know which user is launching the
> program. I was wondering if implementing some sort of process execution
> restriction by user is something that is
> being considered or if it has ever been considered and discarded. Curious
> to know, since I think it could be quite powerful and useful.

I think that CaitSith ( https://caitsith.sourceforge.net/ ) fits better.
You can check https://I-love.SAKURA.ne.jp/tomoyo/CaitSith-en.pdf .