On Tue, Jun 16, 2009 at 07:06:36PM -0000, Tom Metro wrote:
> Thanks. I figured that might be the case. Same true for /dir/ vs.
> /dir/** I presume.
Yes, the latter matches everything underneath /dir/ but not /dir/
itself.
> But what about:
>
> /video2/**/ r,
> /video2/mythtv/1024_20090131200000.mpg r,
> /video2/mythtv/1029_20090310173000.mpg r,
>
> These seem redundant, unless that first rule should be /video2/**
> without the trailing slash.
Indeed it should be /video2/** as /video2/**/ is telling it to match any
directory under /video2/. /video2/** will allow access to any files or
directories under /video2/.
You can also restrict access to just files under /video2/ with the pattern
'/video2/**[^/]', but things that need to query what directory entries
exist in each directory will need read access to the directories. An
alternative pattern where you know /video2 will be populated by only
*.mpg files and subdirectories would be '/video2/**{.mpg,/} r,'. But
that's a matter of how tight you wish the restrictions to be.
--
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/
--
aa-logprof: doesn't remove redundant rules
https://bugs.launchpad.net/bugs/387663
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
