Open krokodyl1220 opened 1 year ago
Thanks for taking the time to test and report, much appreciated.
include disable-devel.inc # Broke the cmake extension
include disable-interpreters.inc # Disabled access to python from terminal
Both these includes don't make much sense in VS Code, we'll keep them disabled.
include disable-exec.inc # Broke the cpptools extension
Adding ignore noexec ${HOME}
and maybe also ignore noexec ${RUNUSER}
should cover this.
include disable-xdg.inc # Breaks access to ~/Documents
An additional whitelist ${DOCUMENTS}
could take care of that. But as your other remarks indicate, it seems that trying to implement a whitelisting profile for VS Code is probably not a very good idea.
Let's wait a bit to give fellow collaborators the time to reflect on your observations. In any case we have a much better view on the best way forward now thanks to your efforts.
Regards
noexec ${HOME}
The rest sounds legit.
As a follow-up from the previous issue I wanted to report on configuration from the code profile. For reference, these are the lines from the default profile (as of 0.9.72) from code.profile:
My test scenario / use case for verification:
firecfg
In my code.local file I also added hardening options from the previous discussions:
Below is the list of options that I enabled and did not notice any issues during a few days of work:
Below is the list of options that have some side-effects when using VS Code as a full IDE, but may be suitable if one is to use the software only as a text editor:
And finally, below is the list of options that have undesirable effects:
If any more information or testing is required please let me know.