Is there any way to limit write access of the `deno run` execution to its `Deno.makeTempDir` calls?
At the moment, the only way to enable
Deno.makeTempDir() seem to either using --allow-write (writing to any file/dir path), or explicitly creating and maintaining a root temp folder and update all Deno.makeTempDir calls with a { dir: $MY_ROOT_TEMP_DIR } option.
If there was a way to access the effective global temp root of Deno on the system, at least we could start with --allow-write=DENO_TEMP_ROOT, where DENO_TEMP_ROOT would be set via a deno call.
Can anyone think of any other options here?0 Replies