MacPorts and sandboxing
Clemens Lang
cal at macports.org
Wed Sep 26 12:12:46 PDT 2012
On Thu, Sep 27, 2012 at 02:24:44AM +1000, Joshua Root wrote:
> % sandbox-exec -p '(version 1) (allow default) (deny file* (subpath
> "/usr/local") (subpath "/Library/Frameworks"))' gcc test.c
> cc1: error: /usr/local/include: Operation not permitted
> cc1: error: /Library/Frameworks: Operation not permitted
Ideally, the sandboxing could just pretend /usr/local wasn't there to
begin with? Just denying access unfortunately isn't of any use to us.
--
Clemens Lang
More information about the macports-dev
mailing list