# GENERATED FILE. DO NOT MODIFY.
#
# This file is for Jenkins core developers to list what we think are the best filtering rules
# for apparently harmless accesses to files on the Jenkins master from slaves.
#
# To override these rules, place *.conf files by other names into this folder. Files are sorted
# before being parsed, so using a lower number allows you to override what we have here. This file
# gets overwritten every time Jenkins starts.
#
# See https://jenkins.io/redirect/security-144 for more details.

# This directory contains credentials, master encryption keys, and other sensitive information
# that slaves have absolutely no business with.
# Unless there are rules in other files allowing access to other portions of $JENKINS_HOME,
# this rule as it stands here has no effect, because anything left unspecified is rejected.
deny all /secrets($|/.*)

# User content is publicly readable, so it is quite safe for slaves to read, too.
# (The xunit plugin is known to read from here.)
# https://jenkins.io/redirect/user-content-directory
allow read,stat /userContent($|/.*)

# In the next rule we grant general access under build directories, so first we protect
# the actual build record that Jenkins core reads, which nothing should be touching.
deny all /build.xml

# Similarly for Pipeline build (WorkflowRun) metadata:
deny all /program.dat
deny all /workflow($|/.*)

# Various plugins read/write files under build directories, so allow them all.
# - git 1.x writes changelog.xml from the slave (2.x writes from the master, so it need not be listed)
# - analysis-core and plugins based on it write reports to workspace-files/
# - cobertura writes coverage.xml
# - violations writes violations.xml and other content under violations/
# - dependency-check writes archive/artifacts.txt
# But we deliberately do not allow delete (to prevent data loss) or symlink (to prevent jailbreaking).
allow create,mkdirs,read,stat,write /.+

# cobertura also writes out annotated sources to a dir under the job:
allow create,mkdirs,read,stat,write /jobs/.+/cobertura.*

# All the other accesses that aren't specified here are left up to the other rules in this directory.
# If no rule in those other files matches, the access will be rejected.