Jamie Nguyen
jamie****@tomoy*****
Fri Jun 24 04:22:16 JST 2011
Horvath Andras wrote:
> If i see it correctly, when i try to give recursive read access to a
> directory (for example /tmp/test/), then i have to use 2 lines of rules:
>
> allow_read /tmp/test/\*
> allow_read /tmp/test/\{\*\}/\*
>
> ..because the "\{\*\}" recursive dir wildcard means at least 1 or more
> directories, right?

Correct.

> So isn't there a 1 line solution for the recursive read access? Like a
> recursive wildcard where it means zero or more repetition?

The short answer is no. Both must be specified in order to allow a domain
to read all files within a directory and subdirectories. However, you could
also consider putting this in exception policy:

path_group TMP_TEST /tmp/test/\*
path_group TMP_TEST /tmp/test/\{\*\}/\*

And then you would be able to put just a single line in domain policy:

allow_read @TMP_TEST

If you are using 2.2, then see here:
http://tomoyo.sourceforge.jp/2.2/policy-reference.html.en#exception_policy_path_group

If you are using 2.3, then see here:
http://tomoyo.sourceforge.jp/2.3/policy-specification/exception-policy-syntax.html.en#path_group

Kind regards,
Jamie
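
An added example, not part of the original message and not TOMOYO's own matcher: a simplified Python model of the two wildcards discussed above, showing which paths each rule covers and how the path_group lets one domain policy line stand for both. The function names and sample paths are constructed for illustration; it assumes \* matches zero or more characters other than '/' and /\{X\}/ matches one or more repetitions of X/.

```python
import re

# Simplified model (assumption, not TOMOYO's matcher) of two wildcards:
#   \*       zero or more characters other than '/'
#   /\{X\}/  '/' followed by one or more repetitions of 'X/'
TOKEN = re.compile(r"/\\\{(.*?)\\\}/|\\\*")

def _body(pattern):
    out, pos = [], 0
    for m in TOKEN.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))
        if m.group(1) is None:          # plain \*
            out.append("[^/]*")
        else:                           # /\{X\}/ : at least one directory level
            out.append("/(?:" + _body(m.group(1)) + "/)+")
        pos = m.end()
    out.append(re.escape(pattern[pos:]))
    return "".join(out)

def matches(pattern, path):
    return re.fullmatch(_body(pattern), path) is not None

EXCEPTION_POLICY = r"""
path_group TMP_TEST /tmp/test/\*
path_group TMP_TEST /tmp/test/\{\*\}/\*
"""
DOMAIN_POLICY = "allow_read @TMP_TEST"  # both taken from the message above

def load_groups(text):
    groups = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "path_group":
            groups.setdefault(parts[1], []).append(parts[2])
    return groups

def read_allowed(domain_policy, groups, path):
    for line in domain_policy.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "allow_read":
            target = parts[1]
            patterns = groups.get(target[1:], []) if target.startswith("@") else [target]
            if any(matches(p, path) for p in patterns):
                return True
    return False  # no allow_read line covers this path

if __name__ == "__main__":
    for p in ("/tmp/test/a.txt", "/tmp/test/sub/a.txt", "/tmp/other/a.txt"):  # constructed
        print(p, read_allowed(DOMAIN_POLICY, load_groups(EXCEPTION_POLICY), p))
```

Each pattern alone leaves a gap (top-level files or nested files), which is why the group needs both members.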