Subject: Re: CVS commit: src/bin/systrace
To: Elad Efrat <>
From: Niels Provos <>
List: source-changes
Date: 08/10/2005 23:51:08
Well, the man pages says:

        inpath   Evaluates to true if the system call argument is a subpath of

subpath is to be interpreted as subset.  So, any path that is covered by
cmdstring would make inpath evaluate to true.

Please fix.  This is going to screw up all people who have working systrace
policies using inpath at the moment.  For the effect that you want, it's
easy to use a regular expression:

  filename re "^/usr/some/path/.*"


On Wed, Aug 10, 2005 at 10:39:51PM +0300, Elad Efrat wrote:
> Niels Provos wrote:
> >then inpath "/usr/home/elad" matches
> >
> >  cd "/usr/home/elad"
> >  cd "/usr/home"
> >  cd "/usr"
> >  cd "/"
> From the manual, I was under the impression that inpath is used to
> evaluate subdirs, so that inpath "/usr/home/elad" should match
> anything in that directory and below:
> 	cd "/usr/home/elad/foo"
> 	cd "/usr/home/elad/bar"
> ...or, at least, that what seems logical given the name "inpath"
> and the explanation in systrace(1).
> -e.
> -- 
> Elad Efrat
> PGP Key ID: 0x666EB914