diff options
| author | grian <54550982+grian32@users.noreply.github.com> | 2021-06-10 13:49:24 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-10 06:49:24 -0400 |
| commit | fb20a6af761c8eb61a046b4c70e28061923e36ca (patch) | |
| tree | 11ba99c657e0ad5b421cbabf87a17a9327cf6414 /docs/getting_started | |
| parent | 67690b78bda16b90c0b9b79e369eb67eb3a9822a (diff) | |
docs: specify that allow-env and allow-run can have allow lists (#10918)
Diffstat (limited to 'docs/getting_started')
| -rw-r--r-- | docs/getting_started/permissions.md | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/docs/getting_started/permissions.md b/docs/getting_started/permissions.md index c59bb3aaa..aba591100 100644 --- a/docs/getting_started/permissions.md +++ b/docs/getting_started/permissions.md @@ -18,8 +18,10 @@ deno run --allow-read mod.ts The following permissions are available: - **-A, --allow-all** Allow all permissions. This disables all security. -- **--allow-env** Allow environment access for things like getting and setting - of environment variables. +- **--allow-env=\<allow-env\>** Allow environment access for things like getting + and setting of environment variables. Since Deno 1.9, you can specify a + optional, comma-separated list of environment variables to provide an + allow-list of allowed environment variables. - **--allow-hrtime** Allow high-resolution time measurement. High-resolution time can be used in timing attacks and fingerprinting. - **--allow-net=\<allow-net\>** Allow network access. You can specify an @@ -30,9 +32,11 @@ The following permissions are available: - **--allow-read=\<allow-read\>** Allow file system read access. You can specify an optional, comma-separated list of directories or files to provide an allow-list of allowed file system access. -- **--allow-run** Allow running subprocesses. Be aware that subprocesses are not - run in a sandbox and therefore do not have the same security restrictions as - the deno process. Therefore, use with caution. +- **--allow-run=\<allow-run\>**Allow running subprocesses. Since Deno 1.9, You + can specify an options, comma-separated list of subprocesses to provide an + allow-list of allowed subprocesses. Be aware that subprocesses are not run in + a sandbox and therefore do not have the same security restrictions as the deno + process. Therefore, use with caution. - **--allow-write=\<allow-write\>** Allow file system write access. You can specify an optional, comma-separated list of directories or files to provide an allow-list of allowed file system access. |