Subject: systrace
To: None <netbsd-help@netbsd.org>
From: Mihai Chelaru <kefren@netbastards.org>
List: netbsd-help
Date: 08/04/2002 19:58:06
Hello,

I played today with systrace and I encountered some problems.
Here is the first problem:

Policy: /bin/ls, Emulation: netbsd
        netbsd-issetugid: permit
        netbsd-ioctl: permit
        netbsd-getuid: permit
        netbsd-__sysctl: permit
        netbsd-mmap: permit
        netbsd-break: permit
        netbsd-fsread: filename match "/etc*" then deny[EPERM], if user != root
        netbsd-fsread: permit, if user = root
        netbsd-fchdir: permit
        netbsd-__fstat13: permit
        netbsd-fcntl: permit
        netbsd-fstatfs: permit
        netbsd-lseek: permit
        netbsd-getdents: permit
        netbsd-close: permit
        netbsd-write: permit
        netbsd-exit: permit
        netbsd-execve: permit

but still: 
# systrace -a ls /etc/
ls: : Operation not permitted

also:
# systrace -a ls /
ls: /: Operation not permitted

The policy file was obtained from -A and I just played with fsread. Why it is not 
working for root to do `ls`, I just can't understand. Can anyone explain to me 
the rule parsing of systrace? I mean, is it using first match or last match?
And the second question: is there any thought of implementing the `else` 
keyword?

Thanks,
Mihai Chelaru
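As an added example (not code from the message and not systrace's own implementation), here is a small Python evaluator for the rule syntax that appears in the posted policy: `permit` / `deny[ERRNO]`, `filename match "glob"`, and `if user = name` / `if user != name` predicates. It parses the policy exactly as posted and evaluates fsread requests under both first-match and last-match order, so the two orderings asked about can be compared side by side. Assumptions: the grammar is only what the page shows, `filename match` uses shell-style globbing, and an unmatched call under `-a` is treated as denied (my reading of `-a`; interactive mode would prompt instead). Within this model, both fsread rules as written yield permit for root under either order, and for a non-root user a read outside `/etc` matches no rule at all.

```python
import fnmatch
import re

# Constructed input: the policy as posted in the message, with the
# wrapped fsread line joined back into a single rule.
POLICY_TEXT = """\
Policy: /bin/ls, Emulation: netbsd
        netbsd-issetugid: permit
        netbsd-ioctl: permit
        netbsd-getuid: permit
        netbsd-__sysctl: permit
        netbsd-mmap: permit
        netbsd-break: permit
        netbsd-fsread: filename match "/etc*" then deny[EPERM], if user != root
        netbsd-fsread: permit, if user = root
        netbsd-fchdir: permit
        netbsd-__fstat13: permit
        netbsd-fcntl: permit
        netbsd-fstatfs: permit
        netbsd-lseek: permit
        netbsd-getdents: permit
        netbsd-close: permit
        netbsd-write: permit
        netbsd-exit: permit
        netbsd-execve: permit
"""

# Grammar covers only the constructs seen in the posted policy (assumption:
# this is a toy model of the syntax, not systrace's full parser).
RULE_RE = re.compile(
    r'^(?P<syscall>[\w-]+):\s*'
    r'(?:filename\s+match\s+"(?P<glob>[^"]*)"\s+then\s+)?'
    r'(?P<action>permit|deny)(?:\[(?P<errno>\w+)\])?'
    r'(?:,\s*if\s+user\s*(?P<op>!?=)\s*(?P<user>\S+))?\s*$'
)


def parse_policy(text):
    """Return the rules as a list of dicts, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Policy:"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unparsed rule: %r" % line)
        rules.append(m.groupdict())
    return rules


def rule_matches(rule, syscall, filename, user):
    """True if the rule's syscall, glob and user predicate all apply."""
    if rule["syscall"] != syscall:
        return False
    if rule["glob"] is not None:
        if filename is None or not fnmatch.fnmatchcase(filename, rule["glob"]):
            return False
    if rule["user"] is not None:
        same_user = (user == rule["user"])
        if rule["op"] == "=" and not same_user:
            return False
        if rule["op"] == "!=" and same_user:
            return False
    return True


def evaluate(rules, syscall, filename=None, user="root", order="first"):
    """Decide a request under first-match or last-match semantics.

    Returns (action, errno). 'nomatch' means no rule applied, which under
    -a is assumed to end in a denial (model assumption).
    """
    hits = [r for r in rules if rule_matches(r, syscall, filename, user)]
    if not hits:
        return ("nomatch", None)
    chosen = hits[0] if order == "first" else hits[-1]
    return (chosen["action"], chosen["errno"])


if __name__ == "__main__":
    rules = parse_policy(POLICY_TEXT)
    for user in ("root", "kefren"):
        for path in ("/etc/", "/"):
            for order in ("first", "last"):
                print(user, path, order, evaluate(rules, "netbsd-fsread", path, user, order))
```

The evaluator only models the policy text; it says nothing about what ls actually opens or about how systrace resolves the `user` predicate at runtime, so it narrows the question rather than answering it.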