Add commented out paths for Ansiblev0.1.0a7

author: Johannes Christ <[email protected]> 2024-08-27 19:53:21 +0200
committer: Johannes Christ <[email protected]> 2024-08-27 19:53:21 +0200
commit: b36c9d63c494aceb79dec19bac572f6e3c2a5a97 (patch)
tree: 972d916fe94b85451e201c808009a5457da36ae6 /poetry_restrict_plugin
parent: Allow proper access for /dev/shm (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/poetry_restrict_plugin/plugin.py b/poetry_restrict_plugin/plugin.py
index 998743f..7b80acc 100644
--- a/poetry_restrict_plugin/plugin.py
+++ b/poetry_restrict_plugin/plugin.py
@@ -114,6 +114,11 @@ class RestrictPlugin(Plugin):
                 rules=FSAccess.READ_FILE,
             )
 
+        # # Usage of Ansible with DEFAULT_LOCAL_TMP
+        # ruleset.allow(*existing_paths((os.path.expanduser("~/.ansible/tmp"),)))
+        # ruleset.allow("/etc/passwd", rules=FSAccess.READ_FILE)
+        # ruleset.allow(*existing_paths((os.path.expanduser("~/.ssh/known_hosts"),)), rules=FSAccess.READ_FILE)
+
         # Allow manipulation of files in our projects, e.g. for linters.
         # We might need to check this more thoroughly. For instance, configuring custom
         # filter programs in gitattributes might allow a sandbox escape.
author	Johannes Christ <[email protected]>	2024-08-27 19:53:21 +0200
committer	Johannes Christ <[email protected]>	2024-08-27 19:53:21 +0200
commit	b36c9d63c494aceb79dec19bac572f6e3c2a5a97 (patch)
tree	972d916fe94b85451e201c808009a5457da36ae6 /poetry_restrict_plugin
parent	Allow proper access for /dev/shm (diff)