Sandboxed Build for Cross-compilation
(version 1)
(deny default)
(allow sysctl-read)
(allow signal)
(allow process-exec)
(allow process-fork)
(allow mach* sysctl-read)
(allow file-read* (regex "^.*"))
(deny file-read* (regex "^/usr/local/include.*") (regex "^/usr/include.*"))
(allow file-write* (regex (string-append "^/tmp/.*")) (regex (string-append "^" (regex-quote (param "target")) ".*")) )
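
#!/bin/bash
# Usage: allowedpath command [args...]
target=$1   # first argument: the only path (besides /tmp) the build may write to
shift 1
P=$(dirname "$(realpath -s "${BASH_SOURCE[0]}")")
# Run the command under the sandbox profile kept beside this script (its file name is missing after $P/)
sandbox-exec -f "$P/" -Dtarget="$target" "$@"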