[MacPorts] #39850: Sandbox denies access when prefix/portdbpath not normalised
MacPorts
noreply at macports.org
Sat Mar 22 14:06:06 PDT 2014
#39850: Sandbox denies access when prefix/portdbpath not normalised
-------------------------+----------------------------
Reporter: jwhowse4@… | Owner: cal@…
Type: defect | Status: closed
Priority: Normal | Milestone: MacPorts 2.3.0
Component: base | Version: 2.2.0
Resolution: fixed | Keywords:
Port: |
-------------------------+----------------------------
Comment (by cal@…):
Unfortunately there's close to no documentation on this form Apple at all.
I assume it is considered a private API by Apple. There is a little
community-generated documentation that was (I assume used) while
implementing this feature for MacPorts:
- http://reverse.put.as/2011/09/14/apple-sandbox-guide-v1-0/
- http://ilostmynotes.blogspot.de/2011/11/howto-write-os-x-seatbelt-
sandbox.html
- the scripts in `/usr/share/sandbox/`.
The implementation in MacPorts is mostly in
- browser:trunk/base/src/port1.0/portsandbox.tcl, which sets up the
sandbox profile string and
- browser:trunk/base/src/pexlib1.0/system.c, which prepends every command
to be executed by a Portfile with sandbox-exec -p $profilestring.
--
Ticket URL: <https://trac.macports.org/ticket/39850#comment:73>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list