Skip to content

Commit

Permalink
policies: allow /{usr,var}/local/bin paths
Browse files Browse the repository at this point in the history 
Signed-off-by: Lukas Zapletal <[email protected]>
  • Loading branch information
@lzap @supakeen
lzap authored and supakeen committed Mar 22, 2024
1 parent e00940b commit c8ff1f0
Showing 1 changed file with 9 additions and 7 deletions.
16 changes: 9 additions & 7 deletions pkg/policies/policies.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,15 @@ var CustomDirectoriesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy

// CustomFilesPolicies is a set of default policies for custom files
var CustomFilesPolicies = pathpolicy.NewPathPolicies(map[string]pathpolicy.PathPolicy{
"/": {Deny: true},
"/etc": {},
"/root": {},
"/etc/fstab": {Deny: true},
"/etc/shadow": {Deny: true},
"/etc/passwd": {Deny: true},
"/etc/group": {Deny: true},
"/": {Deny: true},
"/etc": {},
"/root": {},
"/usr/local/bin": {},
"/usr/local/sbin": {},
"/etc/fstab": {Deny: true},
"/etc/shadow": {Deny: true},
"/etc/passwd": {Deny: true},
"/etc/group": {Deny: true},
})

// MountpointPolicies for ostree
Expand Down

0 comments on commit c8ff1f0

Please sign in to comment.