6b94e65a95
Issue #1987 Issue #3125 |
||
---|---|---|
.. | ||
component.cc | ||
README | ||
target.mk |
This component intercepts File_system requests and changes the root directory attached to requests as defined by policy or by converting session label elements to a hierarchy of directories. Sessions matching policies with _path_ attributes will be "chrooted" to the configured policy path, sessions not matching policies with _path_ attributes will be chrooted into paths formed from each session label element. Sessions matching polices with a _path_prefix_ attribute are both rooted at the attribute path and in sub-directories formed by the session label. Sessions requests are downgraded to read-only requests unless matched by polices with an affirmative _writeable_ attribute. Sessions not matching any policy are rejected. Please note that this server is only effective for File_system servers that honor the "root" or "writeable" argument to session requests.