Horvath Andras
han****@log69*****
Fri Jun 24 15:36:56 JST 2011
Thanks! On Thu, 23 Jun 2011 20:22:16 +0100 Jamie Nguyen <jamie****@tomoy*****> wrote: > Horvath Andras wrote: > > If i see it correctly, when i try to give recursive read access to a > > directory (for example /tmp/test/), then i have to use 2 lines of > > rules: > > > > allow_read /tmp/test/\* > > allow_read /tmp/test/\{\*\}/\* > > > > ..because the "\{\*\}" recursive dir wildcard means at least 1 or > > more directories, right? > > Correct. > > > > So isn't there a 1 line solution for the recursive read access? > > Like a recursive wildcard where it means zero or more repetition? > > The short answer is no. Both must be specified in order to allow a > domain to read all files within a directory and subdirectories. > > However, you could also consider putting this in exception policy: > > path_group TMP_TEST /tmp/test/\* > path_group TMP_TEST /tmp/test/\{\*\}/\* > > And then you would be able to put just a single line in domain policy: > > allow_read @TMP_TEST > > If you are using 2.2, then see here: > http://tomoyo.sourceforge.jp/2.2/policy-reference.html.en#exception_policy_path_group > > If you are using 2.3, then see here: > http://tomoyo.sourceforge.jp/2.3/policy-specification/exception-policy-syntax.html.en#path_group > > Kind regards, > Jamie > > _______________________________________________ > tomoyo-dev-en mailing list > tomoy****@lists***** > http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en
TOMOYO
Fork