systrace and file globbing
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: systrace and file globbing
- From: Sebastian Stark <seb_(_at_)_todesplanet_(_dot_)_de>
- Date: Fri, 18 Oct 2002 13:27:17 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
I want to write a systrace policy for opera and have a light
opera wants to linux-fsread on /home/username
So I could easily say:
    linux-fsread: filename eq "/home/username" then permit
But I want the policy to apply to all users, so I try:
    linux-fsread: filename match "/home/*" then permit
systrace(1) calls fnmatch(3) with flags FNM_PATHNAME | FNM_LEADING_DIR.
FNM_PATHNAME says that / must be explicitly matched. Does this mean
that "/home/*" matches e.g. /home/seb but NOT /home/seb/something?
Another problem I have is understanding the following sentence in
Ignore /* rest after successful pattern
What is the impact of this wrt systrace(1)? Maybe it's just me not
understanding enough English. Anyway, could someone explain, please?
Thanks in advance,
Free your mind and your ass will follow -- http://www.funkaffair.de
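
Added example (not part of the original message and not systrace's own code): a small C program that calls fnmatch(3) on the pattern from the message, once with FNM_PATHNAME alone and once with the FNM_PATHNAME | FNM_LEADING_DIR combination the message names, so the effect of FNM_LEADING_DIR on paths below a matched directory can be seen directly. The helper name `matches`, the macro `POLICY_FLAGS` and the sample paths are constructed for illustration; FNM_LEADING_DIR is a BSD/GNU extension and is assumed to be available.

```c
/* Added example: not from the original message and not systrace source. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc exposes FNM_LEADING_DIR only as an extension */
#endif
#include <fnmatch.h>
#include <stdio.h>

/* Flag combination the message says systrace(1) passes to fnmatch(3). */
#define POLICY_FLAGS (FNM_PATHNAME | FNM_LEADING_DIR)

/* Hypothetical helper: 1 if path matches pattern under flags, else 0. */
int matches(const char *pattern, const char *path, int flags)
{
    return fnmatch(pattern, path, flags) == 0;
}

int main(void)
{
    const char *pattern = "/home/*";
    /* Constructed sample paths. */
    const char *paths[] = {
        "/home/seb",            /* direct child of /home             */
        "/home/seb/something",  /* one level below the matched part  */
        "/home/seb/a/b/c",      /* several levels below              */
        "/home",                /* the directory itself, no slash    */
        "/homework/seb",        /* sibling sharing the "/home" prefix */
        "/var/home/seb",        /* pattern is anchored at the start  */
    };
    size_t i;

    printf("%-22s %-10s %s\n", "path", "PATHNAME", "PATHNAME|LEADING_DIR");
    for (i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
        printf("%-22s %-10s %s\n", paths[i],
               matches(pattern, paths[i], FNM_PATHNAME) ? "match" : "no",
               matches(pattern, paths[i], POLICY_FLAGS) ? "match" : "no");
    return 0;
}
```

With FNM_PATHNAME alone the `*` stops at the next `/`; adding FNM_LEADING_DIR makes fnmatch(3) accept any `/...` remainder once the pattern has matched a leading directory, so a `permit` on `"/home/*"` covers everything below each home directory.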