security: allow rm on /var/tmp and /tmp with approval

Updated command policy to be more nuanced:

BLOCKED (hard block, never allowed):
- rm -rf / (root)
- rm -rf /* (root wildcard)
- rm -rf /home, /etc, /usr, /var/lib, /boot, /root, /bin, /sbin, /lib, /opt

REQUIRE APPROVAL (user must click 'Run'):
- rm -rf /var/tmp/* (Proxmox vzdump temp files)
- rm -rf /tmp/*

This allows AI to suggest cleaning up vzdump temp files while still
protecting against destructive operations on critical paths.
This commit is contained in:
rcourtman 2025-12-21 18:53:08 +00:00
parent 6fe207a094
commit 3e3de5325b

View file

@ -135,17 +135,34 @@ func DefaultPolicy() *CommandPolicy {
// journalctl maintenance (modifies logs / persistent state)
`^journalctl\s+--vacuum`,
`^journalctl\s+--rotate`,
// Temp file cleanup (safe with approval)
`^rm\s+(-rf?|-fr?)\s+/var/tmp/`,
`^rm\s+(-rf?|-fr?)\s+/tmp/`,
},
Blocked: []string{
// Destructive filesystem operations
`rm\s+-rf\s+/`,
// Destructive filesystem operations - block root and critical paths
// Note: /var/tmp and /tmp cleanup is allowed with approval (see RequireApproval)
`rm\s+-rf\s+/$`, // rm -rf / (root)
`rm\s+-rf\s+/\*`, // rm -rf /* (root wildcard)
`rm\s+-rf\s+/home($|\s|/)`, // rm -rf /home
`rm\s+-rf\s+/etc($|\s|/)`, // rm -rf /etc
`rm\s+-rf\s+/usr($|\s|/)`, // rm -rf /usr
`rm\s+-rf\s+/var/lib($|\s|/)`, // rm -rf /var/lib
`rm\s+-rf\s+/boot($|\s|/)`, // rm -rf /boot
`rm\s+-rf\s+/root($|\s|/)`, // rm -rf /root (root home)
`rm\s+-rf\s+/bin($|\s|/)`, // rm -rf /bin
`rm\s+-rf\s+/sbin($|\s|/)`, // rm -rf /sbin
`rm\s+-rf\s+/lib($|\s|/)`, // rm -rf /lib
`rm\s+-rf\s+/opt($|\s|/)`, // rm -rf /opt
`rm\s+--no-preserve-root`,
`mkfs`,
`dd\s+.*of=/dev/`,
`>\s*/dev/sd`,
`>\s*/dev/nvme`,
// System destruction
`shutdown`,
`reboot`,