By convention, the portal daemon divides the namespace into sub-namespaces, each of which handles objects of a particular type.
The following sub-namespaces are currently implemented: fs, pipe, tcp, and tcplisten.
The fs namespace opens the named file, starting back at the root directory. This can be used to provide a controlled escape path from a chrooted environment.
The pipe namespace executes the named command, starting back at the root directory. The command's arguments can be provided after the command's name, by separating them with spaces or tabs. Files opened for reading in the pipe namespace will receive their input from the command's standard output; files opened for writing will send the data of write operations to the command's standard input.
The tcp namespace takes a slash-separated hostname and a port and creates an open TCP/IP connection.
The tcplisten namespace takes a slash-separated hostname and port and creates a TCP/IP socket bound to the given hostname-port pair. The hostname may be specified as "ANY" to allow any other host to connect to the socket. A port number of 0 will dynamically allocate a port; the allocated port can be discovered by calling getsockname(2) with the returned file descriptor. Privileged ports can only be bound by the super-user.
The configuration file contains a list of rules. Each rule takes one line and consists of two or more whitespace-separated fields. A hash (#) character causes the remainder of a line to be ignored. Blank lines are ignored.
The first field is a pathname prefix to match against the requested pathname. If a match is found, the second field tells the daemon what type of object to create. Subsequent fields are passed to the creation function.
# @(#)portal.conf 5.1 (Berkeley) 7/13/92
tcplisten/ tcplisten tcplisten/
tcp/ tcp tcp/
fs/ file fs/
pipe/ pipe pipe/
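
The rule format described above, as an added example that is not part of the original page or the portal daemon's own code: a small parser that can be used to review which object types a portal.conf exposes. It assumes plain string-prefix matching with the first matching rule in file order winning, and requested pathnames given relative to the mount point; the function names and the sample input (the rules above plus constructed lines) are hypothetical.

```python
# Added example, not the daemon's code. Assumptions: plain prefix match,
# first matching rule wins, paths are relative to the portal mount point.
SAMPLE_CONF = """\
# @(#)portal.conf 5.1 (Berkeley) 7/13/92
tcplisten/ tcplisten tcplisten/
tcp/ tcp tcp/
fs/ file fs/

pipe/ pipe pipe/   # trailing comment (constructed line)
broken_rule_with_one_field
"""

# Types the page describes as reaching outside a chroot ("file", used by
# the fs namespace) or executing commands ("pipe").
SENSITIVE_TYPES = {"file", "pipe"}

def parse_rules(text):
    """Return (rules, errors). A rule is (lineno, prefix, type, args)."""
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split fields
        if not fields:                         # blank or comment-only line
            continue
        if len(fields) < 2:                    # a rule needs prefix and type
            errors.append((lineno, raw.strip()))
            continue
        rules.append((lineno, fields[0], fields[1], fields[2:]))
    return rules, errors

def resolve(rules, path):
    """Return (type, args) for the first rule whose prefix matches path."""
    for _lineno, prefix, kind, args in rules:
        if path.startswith(prefix):
            return kind, args
    return None

def sensitive_rules(rules):
    """Rules whose object type opens files or runs commands."""
    return [r for r in rules if r[2] in SENSITIVE_TYPES]

if __name__ == "__main__":
    rules, errors = parse_rules(SAMPLE_CONF)
    for lineno, prefix, kind, args in sensitive_rules(rules):
        print(f"line {lineno}: prefix {prefix!r} creates {kind!r} objects")
    for lineno, text in errors:
        print(f"line {lineno}: malformed rule {text!r}")
```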