In the case of an application (ex. douane-configurator) access the internet through another program or library (ex. /usr/bin/python3.3), then there should be some means of disabling the original program and not the program/library it is going through or the combination of the two.
Subscribing to this one, important feature.
Also, interesting question (can't test out right now, I'm on a goddamn tablet for the rest of August) - how would Douanne recognize a Chrooted application launched through a combination of an Expect script and a bash script ?
This feature still need investigations. As of now, I have now idea how to implement it (if anyone has idea, please feel free to suggest).
The process recognition is done in the kernel space. Probably there's a way to get children of a process (I'm thinking of the python case, where a script is running as a child of the python process.).
Yep, that seems like a remarkably nontrivial feature (kinky edge cases also include python's virtualenvs and such)
Also, one should keep in mind what happens to children when parent dies (IIRC, on ubuntu, the child will be "adopted" by pid 1, but that behavior is not a given)