| author | Xu Cheng | 2015-05-10 17:39:53 +0800 |
|---|---|---|
| committer | Xu Cheng | 2015-05-10 17:39:53 +0800 |
| commit | 64c092708747eb6d989430ba947b9378b5aab59e (patch) | |
| tree | 6588a4df2d46b0ff6c317975065e30d31ad1035d /Library/Homebrew/sandbox.rb | |
| parent | a80c2ae06f30002d38cfbc505de6de9b84820ef9 (diff) | |
| download | brew-64c092708747eb6d989430ba947b9378b5aab59e.tar.bz2 | |
sandbox: fix the rules
1. `script` (used to fake the tty) requires write access to /dev/ptmx
and /dev/ttys*
2. sandbox profile only accepts `[0-9]` instead of `\d`.
Diffstat (limited to 'Library/Homebrew/sandbox.rb')
| -rw-r--r-- | Library/Homebrew/sandbox.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Library/Homebrew/sandbox.rb b/Library/Homebrew/sandbox.rb index f8988eef0..ab9f5f16f 100644 --- a/Library/Homebrew/sandbox.rb +++ b/Library/Homebrew/sandbox.rb @@ -110,10 +110,11 @@ class Sandbox (debug deny) ; log all denied operations to /var/log/system.log <%= rules.join("\n") %> (allow file-write* + (literal "/dev/ptmx") (literal "/dev/dtracehelper") (literal "/dev/null") - (regex #"^/dev/fd/\\d+$") - (regex #"^/dev/tty\\d*$") + (regex #"^/dev/fd/[0-9]+$") + (regex #"^/dev/ttys?[0-9]*$") ) (deny file-write*) ; deny non-whitelist file write operations (allow default) ; allow everything else |
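Review bot: In the last added line, `(regex #"^/dev/ttys?[0-9]*$")`, both `s?` and `[0-9]*` are optional, so the rule still matches bare `/dev/tty`, `/dev/tty0`-style names and a digitless `/dev/ttys`, which is wider than the `/dev/ttys*` nodes the commit message says `script` needs. If only the pseudo-terminal devices are required, consider `^/dev/ttys[0-9]+$`, and keep `/dev/tty` as a separate `literal` entry only if a build actually writes to it. A short profile comment beside `(literal "/dev/ptmx")` and the `[0-9]` classes, saying that they are there for `script` and that the profile regex does not accept `\d`, would keep a later cleanup from reverting either change. Since the profile ends in `(allow default)`, this `file-write*` allow list is the only write restriction visible here, so each entry is worth keeping as narrow as the build allows.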
