[Openmcl-devel] Lisp in Leopard
Bill St. Clair
wws at clozure.com
Tue Oct 30 06:27:03 PDT 2007
In reading John Siracusa's review of Leopard (
http://arstechnica.com/reviews/os/mac-os-x-10-5.ars/ ), I encountered
a reference to the sandbox definitions in /usr/share/sandbox .
Interestingly, to this lisp weenie, they're encoded in lisp-like
syntax. For example, here's /usr/share/sandbox/bsd.sb :
;;
;; common rules for various BSD daemons
;; Copyright (c) 2007 Apple Inc. All Rights reserved.
;;
;; WARNING: The sandbox rules in this file currently constitute
;; Apple System Private Interface and are subject to change at any time and
;; without notice. The contents of this file are also auto-generated and not
;; user editable; it may be overwritten at any time.
;;
(version 1)
(debug deny)

(define (bsd.traverse-symlinks)
  (allow file-read-metadata))

(define (bsd.dylibs-and-frameworks)
  (allow file-read-data file-write-data
    (regex
      ; Allow files accessed by system dylibs and frameworks
      #"^/dev/null$"
      #"^(/private)?/var/run/syslog$"
      #"^/dev/u?random$"
      #"^/dev/dtracehelper$"
      #"/\.CFUserTextEncoding$"
      #"^(/private)?/etc/localtime$"
      #"^/usr/share/nls/"
      #"^/usr/share/zoneinfo/"))
  (allow file-read-data file-read-metadata
    (regex
      ; Allow reading system dylibs and frameworks
      #"^/usr/lib/.*\.dylib$"
      #"^/System/"))
  (allow ipc-posix-shm) ; Libnotify
)

(bsd.traverse-symlinks)
(bsd.dylibs-and-frameworks)
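
An added example, not part of the original post and not Apple's code: a small Python reader for the subset of the profile syntax quoted above, which expands the two defined rule groups and reports whether an operation on a path matches an allow rule. The names parse, rules and allowed are hypothetical, Python's re module stands in for the sandbox's own regex engine, and treating an unmatched request as denied is an assumption, since bsd.sb states no default of its own.

```python
import re

# The bsd.sb rules quoted in the post, embedded (whitespace compacted) so this runs offline.
PROFILE = r'''
(version 1) (debug deny)
(define (bsd.traverse-symlinks) (allow file-read-metadata))
(define (bsd.dylibs-and-frameworks)
  (allow file-read-data file-write-data (regex
    #"^/dev/null$" #"^(/private)?/var/run/syslog$" #"^/dev/u?random$"
    #"^/dev/dtracehelper$" #"/\.CFUserTextEncoding$"
    #"^(/private)?/etc/localtime$" #"^/usr/share/nls/" #"^/usr/share/zoneinfo/"))
  (allow file-read-data file-read-metadata (regex #"^/usr/lib/.*\.dylib$" #"^/System/"))
  (allow ipc-posix-shm)) ; Libnotify
(bsd.traverse-symlinks) (bsd.dylibs-and-frameworks)
'''

TOKEN = re.compile(r'''\s+|;[^\n]*|(#"(?:[^"\\]|\\.)*"|[()]|[^\s()";]+)''')

def parse(text):
    """Read s-expressions into nested lists; #"..." literals become compiled regexes."""
    stack = [[]]
    for tok in filter(None, (m.group(1) for m in TOKEN.finditer(text))):
        if tok == '(':
            stack.append([])
        elif tok == ')':
            stack[-2].append(stack.pop())
        else:
            stack[-1].append(re.compile(tok[2:-1]) if tok.startswith('#"') else tok)
    return stack[0]

def rules(forms, defs=None):
    """Expand calls to (define (name) ...) groups; return (operations, regexes) per allow."""
    defs, out = ({} if defs is None else defs), []
    for f in forms:
        if f[0] == 'define':
            defs[f[1][0]] = f[2:]
        elif f[0] == 'allow':
            out.append(([x for x in f[1:] if isinstance(x, str)],
                        [p for x in f[1:] if isinstance(x, list) for p in x[1:]]))
        elif f[0] in defs:
            out += rules(defs[f[0]], defs)
    return out

def allowed(rule_list, op, path=''):
    """Assumption: a request that matches no allow rule is denied."""
    return any(op in ops and (not pats or any(p.search(path) for p in pats))
               for ops, pats in rule_list)

RULES = rules(parse(PROFILE))
```

The path is matched as the literal string passed in; file-read-metadata carries no filter in the profile, so it matches for any path.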