Re: File regular expression matching in KAuth
- Subject: Re: File regular expression matching in KAuth
- From: Jacques Vidrine <email@hidden>
- Date: Fri, 19 Jun 2009 06:31:17 -0700
You can accomplish your example by using Sandbox in Leopard and later
releases. It provides a flexible mechanism for defining what
operating system resources a process may or may not obtain.
Unfortunately, that mechanism is not API, and may change from release
to release.
For example:
$ wc /private/etc/profile
9 30 189 /private/etc/profile
$ sandbox-exec -p '(version 1) (allow default) (deny file-read* file-write* (regex #"^/private/etc/p"))' zsh
$ wc /private/etc/profile
wc: /private/etc/profile: open: Permission denied
You can see a few other example Sandbox definitions in
/usr/share/sandbox.
Cheers,
--
Jacques
On Jun 19, 2009, at 1:24 AM, evaluador evaluador wrote:
Hello,
I want to implement a kauth filter based on regular expression
filename matching. I would like to, for example, deny open to
"/etc/p*". How could I implement this from kernel without having to
parse the mask myself?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@apple.com
This email sent to email@hidden
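Added example, not part of the original thread or of any Apple code: a small Python helper that turns file masks such as the "/etc/p*" from the question into profile text shaped like the one in the reply, and checks the result against constructed paths. The function names, the symlink table and the sample paths are assumptions made for illustration; the match check uses Python's re module as a stand-in for the Sandbox regex engine.

```python
import re

# Assumption: on macOS /etc, /tmp and /var are symlinks into /private, and
# the rule in the reply is written against the /private path.
SYMLINKS = {"/etc": "/private/etc", "/tmp": "/private/tmp", "/var": "/private/var"}
SPECIAL = set(".^$*+?()[]{}|\\")

def canonical(mask):
    """Rewrite a leading symlinked directory to its /private target."""
    for link, target in SYMLINKS.items():
        if mask == link or mask.startswith(link + "/"):
            return target + mask[len(link):]
    return mask

def mask_to_regex(mask):
    """Translate a shell-style mask into an anchored regex.

    A trailing '*' becomes a prefix match (the form used in the reply);
    an interior '*' or '?' matches within one path component only.
    """
    if not mask.startswith("/") or '"' in mask:
        raise ValueError("mask must be an absolute path without double quotes")
    body = canonical(mask)
    prefix_only = body.endswith("*")
    if prefix_only:
        body = body[:-1]
    parts = []
    for ch in body:
        if ch == "*":
            parts.append("[^/]*")
        elif ch == "?":
            parts.append("[^/]")
        else:
            parts.append("\\" + ch if ch in SPECIAL else ch)
    return "^" + "".join(parts) + ("" if prefix_only else "$")

def build_profile(masks):
    """Emit a profile shaped like the one in the reply, one deny rule per mask."""
    rules = ['(deny file-read* file-write* (regex #"%s"))' % mask_to_regex(m)
             for m in masks]
    return "\n".join(["(version 1)", "(allow default)"] + rules) + "\n"

def is_denied(path, masks):
    """Approximate the deny decision with Python's re (not the Sandbox engine)."""
    return any(re.search(mask_to_regex(m), path) for m in masks)

if __name__ == "__main__":
    masks = ["/etc/p*", "/etc/*.conf"]  # constructed sample masks
    print(build_profile(masks), end="")
    for p in ("/private/etc/profile", "/private/etc/hosts", "/private/etc/ntp.conf"):
        print(p, "DENY" if is_denied(p, masks) else "allow")
```

The generated text can be passed to sandbox-exec -p in the same way as the profile in the session above.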