* use syslog filter instead of grep.
* output sandbox log to stdout when verbose and failed.
* output nothing if sandbox log is empty.
ClosesHomebrew/homebrew#43325.
Signed-off-by: Xu Cheng <xucheng@me.com>
Long term it would be nice to sandbox everything that writes to DerivedData
but it is essentially a cache directory of sorts.
The downside of allowing stuff to write there particularly is that DerivedData
is notoriously bad at getting cleaned up, so if you do a lot of Xcode-using
installations very quickly, you can chew your disk space up.
ClosesHomebrew/homebrew#43276.
Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
