MacPorts and sandboxing
Jordan K. Hubbard
jkh at apple.com
Thu Sep 27 01:34:22 PDT 2012
Yeah, I get that. I'm looking to see if there's some way of making /usr/local more of an ENOENT than an EPERM sort of lookup.
On Sep 26, 2012, at 9:12 AM, Clemens Lang <cal at macports.org> wrote:
> On Thu, Sep 27, 2012 at 02:24:44AM +1000, Joshua Root wrote:
>> % sandbox-exec -p '(version 1) (allow default) (deny file* (subpath
>> "/usr/local") (subpath "/Library/Frameworks"))' gcc test.c
>> cc1: error: /usr/local/include: Operation not permitted
>> cc1: error: /Library/Frameworks: Operation not permitted
>
> Ideally, the sandboxing could just pretend /usr/local wasn't there to
> begin with? Just denying access unfortunately isn't of any use to us.
>
> --
> Clemens Lang
>
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo/macports-dev
More information about the macports-dev
mailing list