I agree with what you say here, but it's difficult to get exceptions on existing policies. So I was hoping there was some predictability to this.
On Tuesday, 28 April 2015 16:27:46 UTC+1, Brian Coca wrote:
> I'm not sure that would be too helpful as a strict policy stops being
> strict when it allows you to execute code that you can rewrite
> underneath it. That is why most of these policies allow you to execute
> specific binaries that you cannot change (/bin /usr/bin, etc and
> everything inside are normally owned by root).
>
> For example, you allow me to execute /home/myuser/.ansible/script1.py,
> if I can rewrite script1.py to 'rm -rf /' it defeats the purpose of a
> strict policy.
>
> --
> Brian Coca
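The point in the quoted reply, that a policy entry is only as strict as the ownership of the file it names, can be checked mechanically before an exception is requested. The sketch below is an added example, not part of the thread or of Ansible; the function names `weakness` and `audit` are hypothetical, and it conservatively treats any non-root owner or group/world write bit on the target or any ancestor directory as a way to rewrite it (it ignores sticky bits and ACLs).

```python
import os
import stat

def weakness(uid, mode):
    """Return why an object with this owner/mode can be changed without root, else None."""
    if uid != 0:
        return f"owned by uid {uid}, not root"
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable"
    return None

def audit(path):
    """List (path, reason) for the target and every ancestor directory that a
    non-root account could modify, which would let it swap what the policy runs."""
    findings = []
    current = os.path.realpath(path)  # judge the real target, not a symlink
    while True:
        try:
            st = os.stat(current)
        except FileNotFoundError:
            st = None  # missing component: its ancestors decide who can create it
        if st is not None:
            why = weakness(st.st_uid, st.st_mode)
            if why:
                findings.append((current, why))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent

if __name__ == "__main__":
    # /usr/bin/env stands in for a root-owned binary; the second path is the
    # one named in the thread and will usually not exist where this is run.
    for allowed in ("/usr/bin/env", "/home/myuser/.ansible/script1.py"):
        findings = audit(allowed)
        print(allowed, "->", "OK" if not findings else "rewritable")
        for where, why in findings:
            print(f"    {where}: {why}")
```

An empty result from `audit` means every component from the target up to `/` is root-owned and not group- or world-writable, which is the property the quoted reply attributes to /bin and /usr/bin.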
