diff options
| author |  Johannes Christ <[email protected]> | 2024-08-27 19:53:21 +0200 |
|---|---|---|
| committer | Johannes Christ <[email protected]> | 2024-08-27 19:53:21 +0200 |
| commit | b36c9d63c494aceb79dec19bac572f6e3c2a5a97 (patch) | |
| tree | 972d916fe94b85451e201c808009a5457da36ae6 | |
| parent | Allow proper access for /dev/shm (diff) | |
Add commented out paths for Ansiblev0.1.0a7
| -rw-r--r-- | poetry_restrict_plugin/plugin.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/poetry_restrict_plugin/plugin.py b/poetry_restrict_plugin/plugin.py index 998743f..7b80acc 100644 --- a/poetry_restrict_plugin/plugin.py +++ b/poetry_restrict_plugin/plugin.py @@ -114,6 +114,11 @@ class RestrictPlugin(Plugin): rules=FSAccess.READ_FILE, ) + # # Usage of Ansible with DEFAULT_LOCAL_TMP + # ruleset.allow(*existing_paths((os.path.expanduser("~/.ansible/tmp"),))) + # ruleset.allow("/etc/passwd", rules=FSAccess.READ_FILE) + # ruleset.allow(*existing_paths((os.path.expanduser("~/.ssh/known_hosts"),)), rules=FSAccess.READ_FILE) + # Allow manipulation of files in our projects, e.g. for linters. # We might need to check this more thoroughly. For instance, configuring custom # filter programs in gitattributes might allow a sandbox escape. |