config_default_unix.go
//go:build !windows
package agentbox
import "path/filepath"
// defaultDenyWritePaths builds the default write deny-list for Unix-like
// systems (Linux, macOS, BSDs). The result is the caller-supplied home
// directory followed by a fixed set of absolute system directories.
//
// home is inserted verbatim, with no cleaning or validation.
// NOTE(review): an empty home yields an empty first entry; confirm that
// callers always pass a non-empty absolute path, since how the consumer
// treats an empty entry is not visible from this file.
func defaultDenyWritePaths(home string) []string {
	// System locations that are write-denied regardless of the user.
	systemDirs := [...]string{
		"/etc",
		"/usr",
		"/bin",
		"/sbin",
		"/lib",
		"/lib64",
		"/boot",
		"/opt",
		"/sys",
	}

	denied := make([]string, 0, 1+len(systemDirs))
	denied = append(denied, home)
	return append(denied, systemDirs[:]...)
}
// defaultDenyReadPaths builds the default read deny-list for Unix-like
// systems. It covers credential and sensitive configuration locations under
// the user's home directory, followed by the "/proc/*/mem" pattern and "/sys".
//
// This is a deny-list: a credential location that is not named here is not
// covered by this default.
//
// NOTE(review): filepath.Join drops empty elements, so an empty home turns
// the home-relative entries into relative paths such as ".ssh"; confirm that
// callers always pass a non-empty absolute home.
// NOTE(review): "/proc/*/mem" contains a wildcard; whether the consumer of
// this list expands patterns or matches the string literally is not visible
// from this file and should be verified.
func defaultDenyReadPaths(home string) []string {
	// Each entry is a path, relative to home, given as its components.
	homeRelative := [][]string{
		{".ssh"},
		{".aws"},
		{".gnupg"},
		{".git-credentials"},
		{".npmrc"},
		{".netrc"},
		{".docker"},
		{".pypirc"},
		{".kube"},
		{".config", "gcloud"},
	}

	denied := make([]string, 0, len(homeRelative)+2)
	for _, parts := range homeRelative {
		elems := append([]string{home}, parts...)
		denied = append(denied, filepath.Join(elems...))
	}

	// Kernel interfaces, independent of the home directory.
	return append(denied, "/proc/*/mem", "/sys")
}