Emery Hemingway
447329eaee
Change the root of a session request into an explicit path and apply the label-to-path conversion using the "path_prefix" policy attribute. This is in addition to only applying a root change with a "path" attribute. Ref #3031 Fix #3056 |
||
---|---|---|
.. | ||
component.cc | ||
README | ||
target.mk |
This component intercepts File_system requests and changes the root directory attached to requests as defined by policy or by converting session label elements to a hierarchy of directories. Sessions matching policies with _path_ attributes will be "chrooted" to the configured policy path, sessions not matching policies with _path_ attributes will be chrooted into paths formed from each session label element. Sessions matching polices with a _path_prefix_ attribute are both rooted at the attribute path and in sub-directories formed by the session label. Sessions requests are downgraded to read-only requests unless matched by polices with an affirmative _writeable_ attribute. Sessions not matching any policy are rejected. Please note that this server is only effective for File_system servers that honor the "root" or "writeable" argument to session requests.