aboutsummaryrefslogtreecommitdiffstats
path: root/.gitignore
diff options
context:
space:
mode:
authorJake Hunsaker <jhunsake@redhat.com>2021-01-06 12:51:38 -0500
committerJake Hunsaker <jhunsake@redhat.com>2021-01-13 13:12:27 -0500
commit0f74186752d85d80006187261e9bdb8b104a05fe (patch)
treedbb8534d027023fc521122135eeaac9f564fe961 /.gitignore
parent5fb859f52a5a77657d509c7f4d3590fdca694931 (diff)
downloadsos-0f74186752d85d80006187261e9bdb8b104a05fe.tar.gz
[Policy] Add policy-controlled forbidden paths
This adds policy-controlled forbidden path checking, which should be the final part of implementing "global" forbidden paths. With this commit, policies may now add paths and glob matches for paths which should never be collected in any plugin. Combined with plugin-defined paths and user-defined paths already available, plugins should now be able to be properly restricted from sensitive collections. Note that the way this is implemented is that policies that define the `set_forbidden_paths()` classmethod *extend* this forbidden list as it is built from the subclass(es) that also define one. This way, "top-level" policies do not need to maintain independent copies of entire trees of paths just to add a few specific additional ones that are not forbidden within other policies. This initial commit adds paths that are either very well-known to be ones we should avoid, or are paths that have previously been part of reported issues where these paths/files should not be collected. Closes: #316 Closes: #796 Closes: #919 Closes: #1316 Resolves: #2360 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Diffstat (limited to '.gitignore')
0 files changed, 0 insertions, 0 deletions