Class: Sandbox::SandboxProfile Private
- Defined in:
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Configuration profile for a sandbox.
Constant Summary collapse
- SEATBELT_ERB =
This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
<<~ERB (version 1) (debug deny) ; log all denied operations to /var/log/system.log <%= rules.join("\n") %> (allow file-write* (literal "/dev/ptmx") (literal "/dev/dtracehelper") (literal "/dev/null") (literal "/dev/random") (literal "/dev/zero") (regex #"^/dev/fd/[0-9]+$") (regex #"^/dev/tty[a-z0-9]*$") ) (deny file-write*) ; deny non-allowlist file write operations (allow process-exec (literal "/bin/ps") (with no-sandbox) ) ; allow certain processes running without sandbox (allow default) ; allow everything else ERB