Read-only network-free command sandbox

ronf.sb

;; Read-only, network-free sandbox
;; Mac OS X 10.7+
;; Restricts file writes and network access for any command run like:
;;   sandbox-exec -f ronf.sb <command>
;; Useful for untrusted programs that should only do computation.

(version 1)
(allow default)
(deny file-write*)
(deny network*)