Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

profiles: improvements to profiles using private #5946

Merged
merged 1 commit into from
Aug 11, 2023
Merged

profiles: improvements to profiles using private #5946

merged 1 commit into from
Aug 11, 2023

Conversation

glitsj16
Copy link
Collaborator

@glitsj16 glitsj16 commented Aug 8, 2023

As I was recently reminded by @kmk3 to #903 I checked existing profiles for similar issues. This PR fixes whitelisting in ${HOME} and streamlines the reference to #903.

@rusty-snake
Copy link
Collaborator

TBH we should fix #903 instead of adding references to profiles.

@glitsj16
Copy link
Collaborator Author

glitsj16 commented Aug 8, 2023

@kmk3 I totally agree that it would be better to fix #903. It's an outstanding bug for quite a while now and IMO it won't be fixed anytime soon. Anyway, IMO having these comments would make it easier to track which profiles need changes whenever a fix arrives.
Just my $0.2.

kmk3
kmk3 reviewed Aug 9, 2023
View reviewed changes
Copy link
Collaborator

@kmk3 kmk3 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned here, I think it would make more sense to remove private
for profiles that use paths in ${HOME}.

Also, I'd use # instead of - for comments at the end of the line, to avoid
a syntax error if uncommenting the line (see also #5942).

For the other profiles, if including whitelist-common.inc helps a given
profile, why not drop private? And if it doesn't, why not simply remove it?

They seem to be made for different use cases AFAICT (need to access some vs no
files in the real ${HOME}).

@glitsj16
Copy link
Collaborator Author

@kmk3 Thanks for the argumentation. Looks better now.

@glitsj16 @kmk3
profiles: improvements to profiles using private
eab608f 
Changes:

* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments

Relates to netblue30#903.
@kmk3 kmk3 force-pushed the private-whitelisting branch from f621e1f to eab608f Compare August 10, 2023 22:03
@kmk3 kmk3 changed the title whitelisting in ${HOME} when uing 'private' profiles: improvements to profiles using private Aug 10, 2023
@kmk3
Copy link
Collaborator

kmk3 commented Aug 10, 2023

Note: I'm not sure what the intended behavior would be (copy vs bind-mount) if
whitelisting worked with private, so I'll leave that for #903.

@glitsj16 glitsj16 merged commit a3a41b8 into netblue30:master Aug 11, 2023
@glitsj16 glitsj16 deleted the private-whitelisting branch August 11, 2023 03:54
@rusty-snake
Copy link
Collaborator

@kmk3 #903 is about mkdir. The latest decision on whitelist+private was a2b81da 4909fa7.

kmk3 added a commit that referenced this pull request Mar 25, 2024
@kmk3
RELNOTES: add many profile items
e600fd7 
Relates to #5686 #5700 #5702 #5735 #5763 #5794 #5946 #6218.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmk3 kmk3 kmk3 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Release 0.9.74
Status: Done (on RELNOTES)
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@glitsj16 @rusty-snake @kmk3