diff options
| author |  James Elford <james.p.elford@gmail.com> | 2018-03-31 09:10:37 +0100 |
|---|---|---|
| committer | James Elford <james.p.elford@gmail.com> | 2018-03-31 09:11:52 +0100 |
| commit | b470715f390e2e87dae000dfeda1001629235fc7 (patch) | |
| tree | 45453b2755306eab6abac586754d7053e5c3ce6d /etc | |
| parent | gimp fixup (diff) | |
| download | firejail-b470715f390e2e87dae000dfeda1001629235fc7.tar.gz firejail-b470715f390e2e87dae000dfeda1001629235fc7.tar.zst firejail-b470715f390e2e87dae000dfeda1001629235fc7.zip | |
AWS and GCP store credentials in local directories as part of project setup.
Configuration for cloud providers is sensitive information; it should be
in the default block list. I didn't see profiles for gcloud or awscli,
so haven't added any exclusions.
boto and kubectl are not provider-specific, but also store credentials for
whichever platforms they happen to be being used with.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/disable-common.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index e5de0b61f..0f605b933 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -297,6 +297,13 @@ blacklist /etc/ssh | |||
| 297 | blacklist /home/.ecryptfs | 297 | blacklist /home/.ecryptfs |
| 298 | blacklist /var/backup | 298 | blacklist /var/backup |
| 299 | 299 | ||
| 300 | # cloud provider configuration | ||
| 301 | blacklist ${HOME}/.aws | ||
| 302 | blacklist ${HOME}/.boto | ||
| 303 | blacklist /etc/boto.cfg | ||
| 304 | blacklist ${HOME}/.config/gcloud | ||
| 305 | blacklist ${HOME}/.kube | ||
| 306 | |||
| 300 | # system directories | 307 | # system directories |
| 301 | blacklist /sbin | 308 | blacklist /sbin |
| 302 | blacklist /usr/local/sbin | 309 | blacklist /usr/local/sbin |