particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-forge-composer/vendor/github.com/osbuild/images/internal/pathpolicy/policies.go
dependabot[bot] a1e428fc53 build(deps): bump the go-deps group with 10 updates 
Bumps the go-deps group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/compute](https://github.com/googleapis/google-cloud-go) | `1.23.1` | `1.23.3` |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.33.0` | `1.35.1` |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.45.27` | `1.47.9` |
| [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.4` | `0.7.5` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.11.2` | `4.11.3` |
| [github.com/labstack/gommon](https://github.com/labstack/gommon) | `0.4.0` | `0.4.1` |
| [github.com/openshift-online/ocm-sdk-go](https://github.com/openshift-online/ocm-sdk-go) | `0.1.374` | `0.1.385` |
| [github.com/osbuild/images](https://github.com/osbuild/images) | `0.12.0` | `0.15.0` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.7.0` | `1.8.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.13.0` | `0.14.0` |


Updates `cloud.google.com/go/compute` from 1.23.1 to 1.23.3
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.23.1...compute/v1.23.3)

Updates `cloud.google.com/go/storage` from 1.33.0 to 1.35.1
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.33.0...storage/v1.35.1)

Updates `github.com/aws/aws-sdk-go` from 1.45.27 to 1.47.9
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.45.27...v1.47.9)

Updates `github.com/hashicorp/go-retryablehttp` from 0.7.4 to 0.7.5
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.4...v0.7.5)

Updates `github.com/labstack/echo/v4` from 4.11.2 to 4.11.3
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/labstack/echo/compare/v4.11.2...v4.11.3)

Updates `github.com/labstack/gommon` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/labstack/gommon/releases)
- [Commits](https://github.com/labstack/gommon/compare/v0.4.0...v0.4.1)

Updates `github.com/openshift-online/ocm-sdk-go` from 0.1.374 to 0.1.385
- [Release notes](https://github.com/openshift-online/ocm-sdk-go/releases)
- [Changelog](https://github.com/openshift-online/ocm-sdk-go/blob/main/CHANGES.md)
- [Commits](https://github.com/openshift-online/ocm-sdk-go/compare/v0.1.374...v0.1.385)

Updates `github.com/osbuild/images` from 0.12.0 to 0.15.0
- [Release notes](https://github.com/osbuild/images/releases)
- [Commits](https://github.com/osbuild/images/compare/v0.12.0...v0.15.0)

Updates `github.com/spf13/cobra` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)

Updates `golang.org/x/oauth2` from 0.13.0 to 0.14.0
- [Commits](https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/compute
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/labstack/echo/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/labstack/gommon
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/openshift-online/ocm-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/osbuild/images
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-13 14:26:11 +01:00

48 lines
1.5 KiB
Go
Raw Blame History

package pathpolicy
// MountpointPolicies is a set of default mountpoint policies used for filesystem customizations
var MountpointPolicies = NewPathPolicies(map[string]PathPolicy{
"/": {},
// /etc must be on the root filesystem
"/etc": {Deny: true},
// NB: any mountpoints under /usr are not supported by systemd fstab
// generator in initram before the switch-root, so we don't allow them.
"/usr": {Exact: true},
// API filesystems
"/sys": {Deny: true},
"/proc": {Deny: true},
"/dev": {Deny: true},
"/run": {Deny: true},
// not allowed due to merged-usr
"/bin": {Deny: true},
"/sbin": {Deny: true},
"/lib": {Deny: true},
"/lib64": {Deny: true},
// used by ext filesystems
"/lost+found": {Deny: true},
// used by EFI
"/boot/efi": {Deny: true},
// used by systemd / ostree
"/sysroot": {Deny: true},
// symlink to ../run which is on tmpfs
"/var/run": {Deny: true},
// symlink to ../run/lock which is on tmpfs
"/var/lock": {Deny: true},
})
// CustomDirectoriesPolicies is a set of default policies for custom directories
var CustomDirectoriesPolicies = NewPathPolicies(map[string]PathPolicy{
"/": {Deny: true},
"/etc": {},
})
// CustomFilesPolicies is a set of default policies for custom files
var CustomFilesPolicies = NewPathPolicies(map[string]PathPolicy{
"/": {Deny: true},
"/etc": {},
"/root": {},
"/etc/fstab": {Deny: true},
"/etc/shadow": {Deny: true},
"/etc/passwd": {Deny: true},
"/etc/group": {Deny: true},
})
Reference in a new issue View git blame Copy permalink