sandbox: allow certain processes running without sandbox

author: Xu Cheng 2015-09-15 11:46:56 +0800
committer: Xu Cheng 2015-09-15 11:48:38 +0800
commit: a0372e97d8967891abe9822f0505ef6ad4b174fb (patch)
tree: 6d905abc4ec769a2025b4df621591a287b0e84d6
parent: 10ab92114e6cf783936504265edf8a11c62e5adf (diff)
download: brew-a0372e97d8967891abe9822f0505ef6ad4b174fb.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb
index 9054372bf..e847744ad 100644
--- a/Library/Homebrew/sandbox.rb
+++ b/Library/Homebrew/sandbox.rb
@@ -152,6 +152,10 @@ class Sandbox
           (regex #"^/dev/ttys?[0-9]*$")
           )
       (deny file-write*) ; deny non-whitelist file write operations
+      (allow process-exec
+          (literal "/bin/ps")
+          (with no-sandbox)
+          ) ; allow certain processes running without sandbox
       (allow default) ; allow everything else
     EOS
author	Xu Cheng	2015-09-15 11:46:56 +0800
committer	Xu Cheng	2015-09-15 11:48:38 +0800
commit	a0372e97d8967891abe9822f0505ef6ad4b174fb (patch)
tree	6d905abc4ec769a2025b4df621591a287b0e84d6
parent	10ab92114e6cf783936504265edf8a11c62e5adf (diff)
download	brew-a0372e97d8967891abe9822f0505ef6ad4b174fb.tar.bz2