This is awesome stuff Tetsuo - it seems like you've enumerated all the
problems I've been thinking about for some time.

I'll definitely play with it but there's going to be some barrier to deployment
since it is an LKM that we have to build/support/maintain.

This brings up an interesting question - have you run into any folks that
are deploying tomoyo/caitsith at large scale? It would be interesting to
see what type of perf impact there is. I can see you've already figured out
some memory management when it comes to audit and ruleset check.

For now, I'll implement tomoyo as is (no caitsith) and test out what the
perf impact is.

Again, thank you for all your work and if you're ever visiting the San
Francisco area, please let me know. Would love to chat with you more :)

Ryan



On Tue, Mar 25, 2014 at 2:40 PM, Tetsuo Handa <
[email protected]> wrote:

> Hello.
>
> Ryan Seu wrote:
> > I'm playing with tomoyo as a way to not whitelist but blacklist all
> > syscalls from executing on a particular path (/mnt).
>
> CaitSith would be easier and suitable for that purpose.
> http://I-love.SAKURA.ne.jp/tomoyo/CaitSith-en.pdf
>
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
