author | James Elford <james.p.elford@gmail.com> | 2018-03-31 09:10:37 +0100 |
---|---|---|
committer | James Elford <james.p.elford@gmail.com> | 2018-03-31 09:11:52 +0100 |
commit | b470715f390e2e87dae000dfeda1001629235fc7 (patch) | |
tree | 45453b2755306eab6abac586754d7053e5c3ce6d /etc | |
parent | gimp fixup (diff) | |
AWS and GCP store credentials in local directories as part of project setup.
Configuration for cloud providers is sensitive information; it should be
in the default block list. I didn't see profiles for gcloud or awscli,
so haven't added any exclusions.
boto and kubectl are not provider-specific, but also store credentials for
whichever platforms they happen to be being used with.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-common.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index e5de0b61f..0f605b933 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -297,6 +297,13 @@ blacklist /etc/ssh | |||
297 | blacklist /home/.ecryptfs | 297 | blacklist /home/.ecryptfs |
298 | blacklist /var/backup | 298 | blacklist /var/backup |
299 | 299 | ||
300 | # cloud provider configuration | ||
301 | blacklist ${HOME}/.aws | ||
302 | blacklist ${HOME}/.boto | ||
303 | blacklist /etc/boto.cfg | ||
304 | blacklist ${HOME}/.config/gcloud | ||
305 | blacklist ${HOME}/.kube | ||
306 | |||
300 | # system directories | 307 | # system directories |
301 | blacklist /sbin | 308 | blacklist /sbin |
302 | blacklist /usr/local/sbin | 309 | blacklist /usr/local/sbin |
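Review bot: the five blacklist entries added at new lines 301-305 cover only the default paths, and the comment at line 300 does not say how a profile should opt out. Because disable-common.inc is shared across profiles, a sandboxed program that legitimately needs these files will need a matching noblacklist placed before the include, and the commit message notes that no such exclusions were added; a short comment saying so would help profile authors. The comment text "cloud provider configuration" is also narrower than the block, since the commit message itself describes boto and kubectl as not provider-specific; something like "cloud and cluster credentials" would fit better. Finally, these tools can be pointed at non-default locations through environment variables (for example KUBECONFIG or AWS_SHARED_CREDENTIALS_FILE), so it is worth stating in the comment that only the default locations are covered.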