I'm not sure that would be too helpful as a strict policy stops being strict when it allows you to execute code that you can rewrite underneath it. That is why most of these policies allow you to execute specific binaries that you cannot change (/bin /usr/bin, etc and everything inside are normally owned by root).
For example, you allow me to execute /home/myuser/.ansible/script1.py, if i can rewrite script1.py to 'rm -rf /' it defeats the purpose of a strict policy. -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8mFFm%2BP-oHEPCQLJAuXyAiiNHRbRU-dwyp_g4dwzcCQwA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
