Hello. Giuseppe La Tona wrote: > This solution sounds great. Thanks Tetsuo. > I am looking forward to check it out. You can get it from http://sourceforge.jp/projects/tomoyo/svn/view/trunk/1.7.x/?root=tomoyo . It seems that some people expect /var/www/html/\{\*\-.\*\}/\*.html matches /var/www/html/index.html so that they can merge two lines into one. <kernel> /usr/sbin/httpd allow_read /var/www/html/\*.html allow_read /var/www/html/\{\*\}/\*.html | V <kernel> /usr/sbin/httpd allow_read /var/www/html/\{\*\}/\*.html <kernel> /etc/init.d/rcS /usr/bin/find /bin/rmdir allow_rmdir /tmp/\*/ allow_rmdir /tmp/\{\*\}/ | V <kernel> /etc/init.d/rcS /usr/bin/find /bin/rmdir allow_rmdir /tmp/\*/\{\*\}/ Should /\{dir\}/ match "/" + "zero or more repetitions of dir/" (e.g. / /dir/ /dir/dir/ /dir/dir/dir/ ) rather than "/" + "one or more repetitions of dir/" (e.g. /dir/ /dir/dir/ /dir/dir/dir/ ) ? If /\{dir\}/ matches "/" + "zero or more repetitions of dir/", users will have to specify allow_rmdir /tmp/\*/\{\*\}/ to exclude /tmp/ itself, for allow_rmdir /tmp/\{\*\}/ includes allow_rmdir /tmp/ .