Make the macOS sandbox stricter to workaround a macOS bug (fixes #4389)
kit-ty-kate authored and rjbou committed Sep 13, 2021
1 parent 78093ea commit 9c74a64
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/state/shellscripts/sandbox_exec.sh
Expand Up @@ -4,6 +4,7 @@ set -ue
POL='(version 1)(allow default)(deny network*)(deny file-write*)'
POL="$POL"'(allow network* (remote unix))'
POL="$POL"'(allow file-write* (literal "/dev/null") (literal "/dev/dtracehelper"))'
POL="$POL"'(deny file-read* (regex #"^(/private)?/var/folders/"))'

add_mounts() {
if [ -d "$2" ]; then
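Review bot: the added `(deny file-read* (regex #"^(/private)?/var/folders/"))` line has no comment saying which macOS bug it works around, and it is the only read restriction in a policy that otherwise starts from `(allow default)` and denies only network and file-write. Please add a shell comment directly above it that references #4389 and states why reads under /var/folders are blocked, so the rule is not dropped as unexplained in a later cleanup. It would also help to state whether the allow rules built after this point (the context shows `add_mounts()` follows) are expected to re-open any path under /var/folders, since the deny covers the whole tree under both the `/var` and `/private/var` spellings.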
