Jamie Nguyen
jamie****@tomoy*****
Fri Jun 24 04:22:16 JST 2011
TOMOYO
ForkHorvath Andras wrote:
> If i see it correctly, when i try to give recursive read access to a
> directory (for example /tmp/test/), then i have to use 2 lines of rules:
>
> allow_read /tmp/test/\*
> allow_read /tmp/test/\{\*\}/\*
>
> ..because the "\{\*\}" recursive dir wildcard means at least 1 or more
> directories, right?
Correct.
> So isn't there a 1 line solution for the recursive read access? Like a
> recursive wildcard where it means zero or more repetition?
The short answer is no. Both must be specified in order to allow a
domain to read all files within a directory and subdirectories.
However, you could also consider putting this in exception policy:
path_group TMP_TEST /tmp/test/\*
path_group TMP_TEST /tmp/test/\{\*\}/\*
And then you would be able to put just a single line in domain policy:
allow_read @TMP_TEST
If you are using 2.2, then see here:
http://tomoyo.sourceforge.jp/2.2/policy-reference.html.en#exception_policy_path_group
If you are using 2.3, then see here:
http://tomoyo.sourceforge.jp/2.3/policy-specification/exception-policy-syntax.html.en#path_group
Kind regards,
Jamie