diff options
author | Michael DeHaan <mdehaan@redhat.com> | 2008-11-21 11:50:33 -0500 |
---|---|---|
committer | Michael DeHaan <mdehaan@redhat.com> | 2008-11-21 11:50:33 -0500 |
commit | bb183d4409c7d068faa9c5e366b17bddd2fda0d3 (patch) | |
tree | e0ae63a9d97eb3280aeea6d5f9250374556e8602 /installer_templates | |
parent | 318a3aea7d8310d90bd1125a0b59ff270b7da506 (diff) | |
download | cobbler-bb183d4409c7d068faa9c5e366b17bddd2fda0d3.tar.gz cobbler-bb183d4409c7d068faa9c5e366b17bddd2fda0d3.tar.xz cobbler-bb183d4409c7d068faa9c5e366b17bddd2fda0d3.zip |
Allow the legal list of modules to be imported to be defined in the settings file.
Diffstat (limited to 'installer_templates')
-rw-r--r-- | installer_templates/settings.template | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/installer_templates/settings.template b/installer_templates/settings.template index 3945f039..2079877b 100644 --- a/installer_templates/settings.template +++ b/installer_templates/settings.template @@ -29,6 +29,18 @@ allow_duplicate_macs: 0 # the path to BIND's executable for this distribution. bind_bin: /usr/sbin/named +# Cheetah-language kickstart templates can import Python modules. +# while this is a useful feature, it is not safe to allow them to +# import anything they want. This whitelists which modules can be +# imported through Cheetah. Users can expand this as needed but +# should never allow modules such as subprocess or those that +# allow access to the filesystem as Cheetah templates are evaluated +# by cobblerd as code. +cheetah_import_whitelist: + - "random" + - "re" + - "time" + # if no kickstart is specified, use this template (FIXME) default_kickstart: /etc/cobbler/default.ks |