diff options
| -rw-r--r-- | poetry_restrict_plugin/plugin.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/poetry_restrict_plugin/plugin.py b/poetry_restrict_plugin/plugin.py index 998743f..7b80acc 100644 --- a/poetry_restrict_plugin/plugin.py +++ b/poetry_restrict_plugin/plugin.py @@ -114,6 +114,11 @@ class RestrictPlugin(Plugin): rules=FSAccess.READ_FILE, ) + # # Usage of Ansible with DEFAULT_LOCAL_TMP + # ruleset.allow(*existing_paths((os.path.expanduser("~/.ansible/tmp"),))) + # ruleset.allow("/etc/passwd", rules=FSAccess.READ_FILE) + # ruleset.allow(*existing_paths((os.path.expanduser("~/.ssh/known_hosts"),)), rules=FSAccess.READ_FILE) + # Allow manipulation of files in our projects, e.g. for linters. # We might need to check this more thoroughly. For instance, configuring custom # filter programs in gitattributes might allow a sandbox escape. |