[tomoyo-dev-en 293] Re: recursive directory wildcard


Jamie Nguyen jamie****@tomoy*****
Fri Jun 24 04:22:16 JST 2011


Horvath Andras wrote:
> If I see it correctly, when I try to give recursive read access to a
> directory (for example /tmp/test/), then i have to use 2 lines of rules:
>
> allow_read /tmp/test/\*
> allow_read /tmp/test/\{\*\}/\*
>
> ..because the "\{\*\}" recursive dir wildcard means at least 1 or more
> directories, right?

Correct.


> So isn't there a 1 line solution for the recursive read access? Like a
> recursive wildcard where it means zero or more repetition?

The short answer is no. Both must be specified in order to allow a
domain to read all files within a directory and subdirectories.

However, you could also consider putting this in exception policy:

    path_group TMP_TEST /tmp/test/\*
    path_group TMP_TEST /tmp/test/\{\*\}/\*

And then you would be able to put just a single line in domain policy:

    allow_read @TMP_TEST

If you are using 2.2, then see here:
http://tomoyo.sourceforge.jp/2.2/policy-reference.html.en#exception_policy_path_group

If you are using 2.3, then see here:
http://tomoyo.sourceforge.jp/2.3/policy-specification/exception-policy-syntax.html.en#path_group

Kind regards,
Jamie
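
Added example, not part of the original message and not TOMOYO's own matcher: a simplified Python model of the two wildcards discussed above, showing which paths each rule covers on its own and how the path_group covers both. It assumes only `\*` and `\{\*\}/` need handling; the function names and sample paths are constructed for illustration.

```python
import re

RECURSIVE_DIR = r"\{\*\}/"   # one or more directory components
ANY_NAME = r"\*"             # zero or more characters other than '/'

def pattern_to_regex(pattern):
    """Translate a policy pathname pattern into a regex (simplified model)."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith(RECURSIVE_DIR, i):
            parts.append(r"(?:[^/]*/)+")      # at least one "dir/" level
            i += len(RECURSIVE_DIR)
        elif pattern.startswith(ANY_NAME, i):
            parts.append(r"[^/]*")            # never crosses a '/'
            i += len(ANY_NAME)
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts))

def expand_groups(exception_policy):
    """Collect path_group members from exception policy text."""
    groups = {}
    for line in exception_policy.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "path_group":
            groups.setdefault(fields[1], []).append(fields[2])
    return groups

def allowed(path, target, groups):
    """True if path matches the pattern, or any member of @GROUP."""
    patterns = groups.get(target[1:], []) if target.startswith("@") else [target]
    return any(pattern_to_regex(p).fullmatch(path) for p in patterns)

EXCEPTION_POLICY = r"""
path_group TMP_TEST /tmp/test/\*
path_group TMP_TEST /tmp/test/\{\*\}/\*
"""
RULES = [r"/tmp/test/\*", r"/tmp/test/\{\*\}/\*", "@TMP_TEST"]
# Constructed sample paths, assumed already canonical.
SAMPLE_PATHS = ["/tmp/test/a.txt", "/tmp/test/d1/b.txt",
                "/tmp/test/d1/d2/c.txt", "/tmp/testing/x"]

def report():
    groups = expand_groups(EXCEPTION_POLICY)
    return {p: tuple(allowed(p, r, groups) for r in RULES) for p in SAMPLE_PATHS}

if __name__ == "__main__":
    for path, row in report().items():
        print(path, dict(zip(RULES, row)))
```

Each tuple is (first rule alone, second rule alone, the group): a file directly in /tmp/test/ is missed by the `\{\*\}` rule, and files in subdirectories are missed by the `\*` rule.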



