diff options
author | Jake Hunsaker <jhunsake@redhat.com> | 2021-01-06 12:51:38 -0500 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2021-01-13 13:12:27 -0500 |
commit | 0f74186752d85d80006187261e9bdb8b104a05fe (patch) | |
tree | dbb8534d027023fc521122135eeaac9f564fe961 /man | |
parent | 5fb859f52a5a77657d509c7f4d3590fdca694931 (diff) | |
download | sos-0f74186752d85d80006187261e9bdb8b104a05fe.tar.gz |
[Policy] Add policy-controlled forbidden paths
This adds policy-controlled forbidden path checking, which
should be the final part of implementing "global" forbidden paths. With
this commit, policies may now add paths and glob matches for paths which
should never be collected in any plugin.
Combined with plugin-defined paths and user-defined paths already
available, plugins should now be able to be properly restricted from
sensitive collections.
Note that the way this is implemented is that policies that define the
`set_forbidden_paths()` classmethod *extend* this forbidden list as it
is built from the subclass(es) that also define one. This way,
"top-level" policies do not need to maintain independent copies of
entire trees of paths just to add a few specific additional ones that
are not forbidden within other policies.
This initial commit adds paths that are either very well-known to be
ones we should avoid, or are paths that have previously been part of
reported issues where these paths/files should not be collected.
Closes: #316
Closes: #796
Closes: #919
Closes: #1316
Resolves: #2360
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Diffstat (limited to 'man')
0 files changed, 0 insertions, 0 deletions