
"Read(~/.ssh/**)" too restrictive? #36

@compojoom

Description


I was wondering, from a security perspective: isn't "Read(~/.ssh/**)" too restrictive? We want to protect against accidental key leakage, but with this rule we also prevent reading known_hosts.

And known_hosts is necessary if one wants to do "git push". In sandbox mode my process dies with:

The push failed due to a sandbox restriction on reading ~/.ssh/known_hosts. Let me retry without the sandbox.

What about something like this:

```json
      "Read(~/.ssh/id_*)",
      "Read(~/.ssh/config)",
      "Read(~/.ssh/authorized_keys)",
```
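To see what the two rule sets actually cover, here is a small evaluator added as an illustration; it is not code from this issue or from the project. It assumes gitignore-style glob semantics (`**` crosses directory separators, `*` and `?` do not), an assumed home directory of `/home/dev`, and a constructed listing of `~/.ssh` that deliberately includes two private keys with non-default names. The project's own matcher may differ in detail.

```python
import re

# Assumed home directory, so that "~" in rules and paths can be expanded offline.
HOME = "/home/dev"


def expand_home(path: str) -> str:
    """Expand a leading "~/" to the assumed HOME (the real tool would use the actual home)."""
    return HOME + path[1:] if path.startswith("~/") else path


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a gitignore-style glob into a regex: ** crosses "/", * and ? do not."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        elif pattern[i] == "?":
            out += "[^/]"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def parse_rule(rule: str):
    """Split a "Tool(pattern)" rule into (tool, compiled pattern with ~ expanded)."""
    m = re.fullmatch(r"(\w+)\((.*)\)", rule)
    if m is None:
        raise ValueError(f"not a Tool(pattern) rule: {rule!r}")
    tool, pattern = m.groups()
    return tool, glob_to_regex(expand_home(pattern))


def is_read_denied(path: str, deny_rules) -> bool:
    """True if any Read(...) deny rule matches the expanded path."""
    target = expand_home(path)
    return any(tool == "Read" and rx.match(target) for tool, rx in map(parse_rule, deny_rules))


def uncovered_by(broad, narrow, files):
    """Files the broad rule set denies but the narrow one lets through."""
    return [f for f in files if is_read_denied(f, broad) and not is_read_denied(f, narrow)]


# The rule in the project config and the narrower set proposed in the issue.
BROAD = ["Read(~/.ssh/**)"]
NARROW = ["Read(~/.ssh/id_*)", "Read(~/.ssh/config)", "Read(~/.ssh/authorized_keys)"]

# Constructed sample listing of ~/.ssh; the last two are keys with non-default names.
SAMPLE_FILES = [
    "~/.ssh/id_ed25519",
    "~/.ssh/id_ed25519.pub",
    "~/.ssh/known_hosts",
    "~/.ssh/config",
    "~/.ssh/authorized_keys",
    "~/.ssh/github_deploy_key",
    "~/.ssh/keys/work_rsa",
]

if __name__ == "__main__":
    for f in SAMPLE_FILES:
        print(f"{f:32} broad={is_read_denied(f, BROAD)!s:5} narrow={is_read_denied(f, NARROW)}")
    print("readable under NARROW but not BROAD:", uncovered_by(BROAD, NARROW, SAMPLE_FILES))
```

Running it shows the trade-off in both directions: the narrow set does let `known_hosts` through, which is what the `git push` case needs, but it also lets through any private key that is not named `id_*` (a deploy key with a custom name, or a key kept in a subdirectory that `~/.ssh/config` points at via `IdentityFile`). Whether that gap is acceptable depends on how keys are named on the machines the rule is meant to protect; an alternative that keeps the broad deny and adds a single narrow allow for `known_hosts` would avoid it, if the tool's precedence rules permit that.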
