MacPorts and sandboxing
Joshua Root
jmr at macports.org
Thu Sep 27 22:17:06 PDT 2012
On 2012-9-28 04:31 , Jordan K. Hubbard wrote:
> Yeah, and, after talking to the sandbox gurus at Apple last night it's
> pretty clear that sandboxing is fairly monomaniacal in its focus: It
> just wants to deny things. It doesn't want to hide, redirect or
> otherwise interpose filesystem / other operations, and given all of the
> complexities inherent in the other approaches, that makes sense. Rats.
> It would have been so much simpler if we could have figured out how to
> piggy-back on sandboxing.
It's not a total loss at least. It seems to be working quite nicely to
disallow writes outside the designated places, which among other things
will catch installers bypassing the destroot.
- Josh
More information about the macports-dev
mailing list