Emery Hemingway
447329eaee
Change the root of a session request into an explicit path and apply the label-to-path conversion using the "path_prefix" policy attribute. This is in addition to only applying a root change with a "path" attribute. Ref #3031 Fix #3056
17 lines
871 B
Plaintext
17 lines
871 B
Plaintext
This component intercepts File_system requests and changes
|
|
the root directory attached to requests as defined by
|
|
policy or by converting session label elements to a
|
|
hierarchy of directories.
|
|
|
|
Sessions matching policies with _path_ attributes will be "chrooted" to the
|
|
configured policy path, sessions not matching policies with _path_ attributes
|
|
will be chrooted into paths formed from each session label element. Sessions
|
|
matching polices with a _path_prefix_ attribute are both rooted at the
|
|
attribute path and in sub-directories formed by the session label.
|
|
Sessions requests are downgraded to read-only requests unless matched by
|
|
polices with an affirmative _writeable_ attribute. Sessions not matching any
|
|
policy are rejected.
|
|
|
|
Please note that this server is only effective for File_system servers that
|
|
honor the "root" or "writeable" argument to session requests.
|