eavesdrop="true" | "false"
own="name"
+ own_prefix="name"
user="username"
group="groupname"
.fi
implement and maybe encourage sloppy security anyway.
.PP
+<allow own_prefix="a.b"/> allows you to own the name "a.b" or any
+name whose first dot-separated elements are "a.b": in particular,
+you can own "a.b.c" or "a.b.c.d", but not "a.bc" or "a.c".
+This is useful when services like Telepathy and ReserveDevice
+define a meaning for subtrees of well-known names, such as
+org.freedesktop.Telepathy.ConnectionManager.(anything)
+and org.freedesktop.ReserveDevice1.(anything).
+
+.PP
It does not make sense to deny a user or group inside a <policy>
for a user or group; user/group denials can only be inside
context="default" or context="mandatory" policies.