ok, thanks. I read that the behaviour of domains has changed since Tomoyo. But should not a task.domain from a child process contain task.exe from its parent process? In my case, my mail-client calls a pdf viewer which has set task.domain="<kernel>" instead of task.domain="/usr/bin/claws-mail". Or does Tomoyo (TOMOYO Linux 2.x) interfere with CaitSith (fully featured version) - Tomoyo has a initialize_domain on the pdf viewer, so in Tomoyo's case domain <kernel> is correct. Thanks Torsten On Sat, 12 Apr 2014 20:33:15 +0900 Tetsuo Handa <from-****@I-lov*****> wrote: > Torsten Wortwein wrote: > > does CaitSith support something like an operation_group? That would simplify rule creation. > > Not implemented, for the conditional variables applicable to one operation may > not be applicable to another. For example, creating a file accepts "perm" > variable whereas opening a file for reading does not. > > The variables are the characteristic and the power of TOMOYO/AKARI/CaitSith. > Grouping multiple operations into one will limit the power of variables. > > Regards.