Subject: Re: systrace features?
To: Daniel Carosone <dan@geek.com.au>
From: Charles Blundell <cb@netbsd.org>
List: tech-security
Date: 09/24/2003 10:51:33
on Wed, Sep 24, 2003 at 07:30:25PM +1000, Daniel Carosone wrote:
> I was thinking something more like (in the policy)
> 
>   netbsd-fswrite: filename eq "/etc/master.passwd" then kill
> 
> or even
> 
>   netbsd-connect: sockaddr match "/tmp/.X11-unix/*" then signal SIGSTOP

Hm, if you're running a process with:
	systrace -ak blah
why have netbsd-fswrite for /etc/master.passwd at all?
 
> I'm not sure there are enough signals that would really be interesting
> enough to be worth implementing the latter mechanism, but it's an
> idea to consider.

As David suggested, there could be something useful in a core dump,
but I am not so sure about specifying this per explicit policy rule.
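For comparison with the proposed `then kill` / `then signal` actions above, here is what the same two rules look like with the actions systrace already provides. This is an added illustration, not a policy from the thread or from the systrace distribution; the program name `/usr/bin/blah` is a placeholder taken from the `systrace -ak blah` invocation, and the `netbsd` emulation name is assumed from the `netbsd-` prefix used in the quoted rules.

```text
# Added example policy (not from the original message).
Policy: /usr/bin/blah, Emulation: netbsd
    # Refuse the write and return EPERM to the process; "log" records the
    # attempt via syslog so the violation is visible without killing anything.
    netbsd-fswrite: filename eq "/etc/master.passwd" then deny[eperm] log
    # Same treatment for connects to the X11 socket directory.
    netbsd-connect: sockaddr match "/tmp/.X11-unix/*" then deny[eperm] log
    # Everything not matched by a rule is handled by the mode systrace was
    # started in: with -a (automatic enforcement) it is denied.
```

The point the reply makes is that, under `-a` with kill-on-violation, an explicit deny for `/etc/master.passwd` is redundant for the kill outcome; a `deny[eperm] log` rule still earns its place because it turns the violation into a logged, non-fatal error the operator can review rather than a silent termination.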