santa
Unable to set the configuration element enable_transitive_rules using santactl
Using santactl, a root user is able to add a rule to add a binary to a transitive allowlist; however, these rules are ignored unless EnableTransitiveRules is set to true. Currently this configuration element can only be set using a sync server.
# santactl rule --compiler --identifer 2ZEFAR8TH3:com.jetbrains.rider --signingID
Added rule for (Unknown type): 2ZEFAR8TH3:com.jetbrains.rider.
# santactl rule --export
{
"custom_msg" : "",
"rule_type" : "SIGNINGID",
"identifer" : "2ZEFAR8TH3:com.jetbrains.rider",
"custom_url" : "",
"policy" : "ALLOWLIST_COMPILER"
}
A reasonable person might assume that if a user can use santactl to add a specific binary to the ALLOWLIST_COMPILER policy, they should also be able to enable the feature using santactl.