admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

sandbox: allow certain processes running without sandbox

Browse Source
This commit is contained in:
Xu Cheng 2015-09-15 11:46:56 +08:00
parent 10ab92114e
commit a0372e97d8
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Library/Homebrew/sandbox.rb
View File

@ -152,6 +152,10 @@ class Sandbox
(regex #"^/dev/ttys?[0-9]*$") (regex #"^/dev/ttys?[0-9]*$")
) )
(deny file-write*) ; deny non-whitelist file write operations (deny file-write*) ; deny non-whitelist file write operations
(allow process-exec
(literal "/bin/ps")
(with no-sandbox)
) ; allow certain processes running without sandbox
(allow default) ; allow everything else (allow default) ; allow everything else
EOS EOS