security
/
fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

app: filter /tmp from permissive default 

Tmpdir is bind mounted over further along in execution so there is no point sharing it here.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra Umiker 2024-10-15 02:54:50 +09:00
parent 2faf510146
commit aa5dd2313c
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/app/seal.go
View File

@ -134,6 +134,7 @@ func (a *app) Seal(config *Config) error {
case "proc": case "proc":
case "dev": case "dev":
case "run": case "run":
case "tmp":
case "mnt": case "mnt":
default: default:
p := "/" + name p := "/" + name