vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 18:50:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: match bare exec allowlist commands

Browse Source 
Co-authored-by: Kengwei Lu <kengwei@kvvlu.com>
Co-authored-by: ZC <chenzhangcode@163.com>
Co-authored-by: dengluozhang <275862143+dengluozhang@users.noreply.github.com>
This commit is contained in:
Peter Steinberger
2026-04-25 04:18:10 +01:00
parent cb9c927ca6
commit 5699209d00
13 changed files with 147 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/platforms/macos.md
View File

@@ -102,7 +102,7 @@ Example:
Notes:
- `allowlist` entries are glob patterns for resolved binary paths.
- `allowlist` entries are glob patterns for resolved binary paths, or bare command names for PATH-invoked commands.
- Raw shell command text that contains shell control or expansion syntax (`&&`, `||`, `;`, `|`, `` ` ``, `$`, `<`, `>`, `(`, `)`) is treated as an allowlist miss and requires explicit approval (or allowlisting the shell binary).
- Choosing “Always Allow” in the prompt adds that command to the allowlist.
- `system.run` environment overrides are filtered (drops `PATH`, `DYLD_*`, `LD_*`, `NODE_OPTIONS`, `PYTHON*`, `PERL*`, `RUBYOPT`, `SHELLOPTS`, `PS4`) and then merged with the apps environment.