From a0372e97d8967891abe9822f0505ef6ad4b174fb Mon Sep 17 00:00:00 2001
From: Xu Cheng <xucheng@me.com>
Date: Tue, 15 Sep 2015 11:46:56 +0800
Subject: [PATCH] sandbox: allow certain processes running without sandbox

---
 Library/Homebrew/sandbox.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 9054372bf2..e847744ad0 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -152,6 +152,10 @@ class Sandbox
           (regex #"^/dev/ttys?[0-9]*$")
           )
       (deny file-write*) ; deny non-whitelist file write operations
+      (allow process-exec
+          (literal "/bin/ps")
+          (with no-sandbox)
+          ) ; allow certain processes running without sandbox
       (allow default) ; allow everything else
     EOS