[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

systrace and file globbing

I want to write a systrace policy for opera and have a light
comprehension problem.

opera wants to linux-fsread on /home/username

So I could easily say:

  linux-fsread: filename eq "/home/username" then permit

But I want the policy to apply to all users, so I try:

  linux-fsread: filename match "/home/*" then permit

systrace(1) calls fnmatch(3) with flags FNM_PATHNAME | FNM_LEADING_DIR.

FNM_PATHNAME says that / must be explicitely matched. Does this mean
that "/home/*" matches e.g. /home/seb but NOT /home/seb/something ?

Another problem I have is understanding the following sentence in

                        Ignore /* rest after successful pattern

What is the impact of this wrt to systrace(1)? Maybe it's just me not
understanding enough English. Anyway, could someone explain, please?

Thanks in advance,

Free your mind and your ass will follow -- http://www.funkaffair.de

Visit your host, monkey.org