Index: excludes.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/mtree/excludes.c,v retrieving revision 1.1.2.4 diff -u -r1.1.2.4 excludes.c --- excludes.c 12 Jan 2001 19:17:18 -0000 1.1.2.4 +++ excludes.c 9 Aug 2002 16:12:09 -0000 @@ -50,7 +50,11 @@ struct exclude { LIST_ENTRY(exclude) link; const char *glob; - int pathname; + enum { + NONE = 0, + PATHNAME = 1, + INVERSE = 2 + } flags; }; static LIST_HEAD(, exclude) excludes; @@ -77,6 +81,8 @@ len--; if (len == 0) continue; + if (line[0] == '#') + continue; str = malloc(len + 1); e = malloc(sizeof *e); @@ -85,10 +91,14 @@ e->glob = str; memcpy(str, line, len); str[len] = '\0'; + e->flags = NONE; if (strchr(str, '/')) - e->pathname = 1; - else - e->pathname = 0; + e->flags |= PATHNAME; + if (line[0] == '!') { + e->flags |= INVERSE; + /* only OK because we don't call free() */ + e->glob++; + } LIST_INSERT_HEAD(&excludes, e, link); } fclose(fp); @@ -103,9 +113,9 @@ #define MATCH(g, n) (fnmatch((g), (n), FNM_PATHNAME) == 0) LIST_FOREACH(e, &excludes, link) { - if (e->pathname && MATCH(e->glob, path) + if ((e->flags & PATHNAME) && MATCH(e->glob, path) || MATCH(e->glob, fname)) - return 1; + return (e->flags & INVERSE) ? 0 : 1; } return 0; } Index: mtree.8 =================================================================== RCS file: /home/ncvs/src/usr.sbin/mtree/mtree.8,v retrieving revision 1.16.2.10 diff -u -r1.16.2.10 mtree.8 --- mtree.8 10 May 2002 05:08:57 -0000 1.16.2.10 +++ mtree.8 9 Aug 2002 16:10:42 -0000 @@ -148,10 +148,21 @@ .Ql \&/ character, it will be matched against entire pathnames (relative to the starting directory); otherwise, -it will be matched against basenames only. No comments are allowed in -the +it will be matched against basenames only. +Comment lines in the .Ar exclude-list -file. +file are marked by a +.Ql # +character at the start of the line. +.Sq Unexclusions , +which may be used to specify paths which should be +scanned despite being matched by an exclusion line, +are specified by lines starting with a +.Ql \&! +character at the start of the line. +See the +.Sx EXAMPLES +for guidance on using this feature. .El .Pp Specifications are mostly composed of ``keywords'', i.e. strings that @@ -318,6 +329,54 @@ were used to create almost all directories in this .Fx distribution. +.Pp +The +.Fl X +.Sq unexclusion +feature is slightly tricky to use. +Say you want to scan the whole of +.Pa /usr +except for +.Pa /usr/home , +but you +.Em do +want to scan +.Pa /usr/home/ftp . +If you put +.Bd -literal -compact -offset indent +usr/home +!usr/home/ftp +.Ed +in the +.Ar exclude-list +file, +then the unexclusion will have no effect because +.Nm +will not recurse below +.Pa /usr/home . +Instead, write +.Bd -literal -compact -offset indent +usr/home/* +!usr/home/ftp +.Ed +to exclude everything below +.Pa /usr/home +except for +.Pa /usr/home/ftp +(and leave +.Pa /usr/home +implicitly included). +Note also that order matters: lines later in the +.Ar exclude-list +file override lines earlier in the file. +The previous example would not work if it were in the opposite order, +because +.Li usr/home/* +would match and exclude +.Pa /usr/home/ftp +before +.Li !usr/home/ftp +unexcluded it. .Sh FILES .Bl -tag -width /etc/mtree -compact .It Pa /etc/mtree Index: periodic.conf =================================================================== RCS file: /home/fanf/cvs/etc/defaults/periodic.conf,v retrieving revision 1.1.1.4 retrieving revision 1.2 diff -u -r1.1.1.4 -r1.2 --- periodic.conf 20 Apr 2002 11:55:00 -0000 1.1.1.4 +++ periodic.conf 9 Aug 2002 21:34:45 -0000 1.2 @@ -143,6 +143,12 @@ # 100.chksetuid daily_status_security_chksetuid_enable="YES" +# 150.chkall +# The output of the _fetch_spec command is piped to mtree +daily_status_security_chkall_enable="YES" +daily_status_security_chkall_fetch_spec="cat /var/db/chkall.mtree" +daily_status_security_chkall_mtree_args="-e -p /" + # 200.chkmounts daily_status_security_chkmounts_enable="YES" #daily_status_security_chkmounts_ignore="^amd:|^mfs:" # Don't check matching