The s6-accessrules-cdb-from-fs program

s6-accessrules-cdb-from-fs compiles a directory containing a ruleset suitable for s6-ipcserver-access or s6-tcpserver-access into a CDB file.


     s6-accessrules-cdb-from-fs cdbfile dir

Ruleset directory format

To be understood by s6-accessrules-cdb-from-fs, s6-ipcserver-access, or s6-tcpserver-access, dir must have a specific format.

dir contains a series of directories:

Depending on the application, other directories can appear in dir and be compiled into cdbfile, but s6-tcpserver-access only uses the first three, and s6-ipcserver-access only uses the last two.

Each of those directories contains a set of rules. A rule is a subdirectory named after the set of keys it matches, and containing actions that will be executed if the rule is the first matching rule for the tested key.

The syntax for the rule name is dependent on the nature of keys, and fully documented on the accessrules library page. For instance, a subdirectory named in the ip4 directory will match every IPv4 address in the network that does not match a more precise rule.

The syntax for the actions, however, is the same for every type of key. A rule subdirectory can contain the following elements: