Skip to content

Commit

Permalink
Make the macOS sandbox stricter to workaround a macOS bug (fixes ocam…
Browse files Browse the repository at this point in the history
  • Loading branch information
kit-ty-kate authored and rjbou committed Sep 2, 2021
1 parent efd6b31 commit 94f1aad
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/state/shellscripts/sandbox_exec.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ set -ue
POL='(version 1)(allow default)(deny network*)(deny file-write*)'
POL="$POL"'(allow network* (remote unix))'
POL="$POL"'(allow file-write* (literal "/dev/null") (literal "/dev/dtracehelper"))'
POL="$POL"'(deny file-read* (regex #"^(/private)?/var/folders/"))'

add_mounts() {
if [ -d "$2" ]; then
Expand Down

0 comments on commit 94f1aad

Please sign in to comment.