eruffaldi/writehere.sb

## writehere.sb
(version 1)
(deny default)
(allow file-read*)
(allow process-exec)
(allow sysctl-read)
(allow signal)
(allow file-write* (regex (string-append "^" (regex-quote (param "target")) ".*")))

## writehere.sh
#/bin/bash
target=$1
shift 1
P=$(dirname $(realpath -s ${BASH_SOURCE[0]}))
sandbox-exec -f $P/writethere.sb -Dtarget=$target $*
	(version 1)
	(deny default)
	(allow file-read*)
	(allow process-exec)
	(allow sysctl-read)
	(allow signal)
	(allow file-write* (regex (string-append "^" (regex-quote (param "target")) ".*")))
	#/bin/bash
	target=$1
	shift 1
	P=$(dirname $(realpath -s ${BASH_SOURCE[0]}))
	sandbox-exec -f $P/writethere.sb -Dtarget=$target $*