Is there any way to limit write access of the `deno run` execution to its `Deno.makeTempDir` calls?
At the moment, the only way to enable
If there was a way to access the effective global temp root of Deno on the system, at least we could start with
Can anyone think of any other options here?
Deno.makeTempDir() seem to either using --allow-write (writing to any file/dir path), or explicitly creating and maintaining a root temp folder and update all Deno.makeTempDir calls with a { dir: $MY_ROOT_TEMP_DIR } option.If there was a way to access the effective global temp root of Deno on the system, at least we could start with
--allow-write=DENO_TEMP_ROOT, where DENO_TEMP_ROOT would be set via a denoCan anyone think of any other options here?
