[sandbox] specifying the destination of '-i' files/dirs
Christoph A.
casmls at gmail.com
Tue May 24 13:17:10 UTC 2011
On 05/24/2011 02:59 PM, Daniel J Walsh wrote:
> I guess I would need a syntax that would make sense. Remember you can do
>
> sandbox -X -i ~/.mozilla -i ~/.gnome ...
>
> I guess you could use some syntax where the we had a separator, that
> showed the destination directory
>
> sandbox -X -i ~/.sandbox/ffftemplate1/.mozilla:~/.mozilla
>
> But the separator would need to be something not likely to be in a file
> system.
Yes, I'm aware about the possibility of multiple '-i',
but I think it would still be possible to implement this without a
special separator. Though I have to admit that it won't be very nice ;)
sandbox -X -i ~/foo evince
(evince is the last argument and is therefore the cmd)
sandbox -X -i ~/a/b ~/b evince
(~/b is the destination)
sandbox -X -i ~/a/b/c ~/d -i ~/f/c evince
is also clear.
Is there a risk of an ambiguous syntax?
One would have to implement a "collision detection" for cases like:
sandbox -X -i ~/a/b/c ~/c -i ~/c evince
I also thought about a change to the '-i' switch so that everything
would be copied to ~
example:
sandbox -X -i ~/a/b/c evince
would automatically copy ~/a/b/c to ~/c
but this behaviour would result in problems with commands like this:
sandbox -X -i ~/a/c -i ~/x/c evince
because two distinct files/folders would have the same destination.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20110524/ae44b584/attachment.bin
More information about the selinux
mailing list