pub const DEFAULT_SENSITIVE_PATHS: &[&str];Expand description
Default sensitive paths that should be blocked from sandboxed processes.
Following the field guide’s warning about “policy leakage”: “If your sandbox can read ~/.ssh or mount host volumes, it can leak credentials.”