Let us say that we want a slightly more relaxed policy than the standard RExec class. For example, if we're willing to allow files in "/tmp" to be written, we can subclass the RExec class:
class TmpWriterRExec(rexec.RExec): def r_open(self, file, mode='r', buf=-1): if mode in ('r', 'rb'): pass elif mode in ('w', 'wb', 'a', 'ab'): # check filename : must begin with /tmp/ if file[:5]!='/tmp/': raise IOError, "can't write outside /tmp" elif (string.find(file, '/../') >= 0 or file[:3] == '../' or file[-3:] == '/..'): raise IOError, "'..' in filename forbidden" else: raise IOError, "Illegal open() mode" return open(file, mode, buf)