diff options
| author | Derrick Stolee <derrickstolee@github.com> | 2022-04-13 17:32:31 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2022-04-13 21:42:51 +0200 |
| commit | 0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 (patch) | |
| tree | 8bbeb9a92eefc50631e226f50681c0a726b4c62e /Documentation/config/safe.txt | |
| parent | setup: fix safe.directory key not being checked (diff) | |
| download | git-0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8.tar.xz git-0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8.zip | |
setup: opt-out of check with safe.directory=*
With the addition of the safe.directory in 8959555ce
(setup_git_directory(): add an owner check for the top-level directory,
2022-03-02) released in v2.35.2, we are receiving feedback from a
variety of users about the feature.
Some users have a very large list of shared repositories and find it
cumbersome to add this config for every one of them.
In a more difficult case, certain workflows involve running Git commands
within containers. The container boundary prevents any global or system
config from communicating `safe.directory` values from the host into the
container. Further, the container almost always runs as a different user
than the owner of the directory in the host.
To simplify the reactions necessary for these users, extend the
definition of the safe.directory config value to include a possible '*'
value. This value implies that all directories are safe, providing a
single setting to opt-out of this protection.
Note that an empty assignment of safe.directory clears all previous
values, and this is already the case with the "if (!value || !*value)"
condition.
Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/config/safe.txt')
| -rw-r--r-- | Documentation/config/safe.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt index 63597b2df8..6d764fe0cc 100644 --- a/Documentation/config/safe.txt +++ b/Documentation/config/safe.txt @@ -19,3 +19,10 @@ line option `-c safe.directory=<path>`. The value of this setting is interpolated, i.e. `~/<path>` expands to a path relative to the home directory and `%(prefix)/<path>` expands to a path relative to Git's (runtime) prefix. ++ +To completely opt-out of this security check, set `safe.directory` to the +string `*`. This will allow all repositories to be treated as if their +directory was listed in the `safe.directory` list. If `safe.directory=*` +is set in system config and you want to re-enable this protection, then +initialize your list with an empty value before listing the repositories +that you deem safe. |