If we have a HOMEBREW_REPOSITORY and HOMEBREW_PREFIX mismatch (now the
default) then we can block access to the whole of HOMEBREW_REPOSITORY
rather than just the HOMEBREW_LIBRARY and `.git`.
Although `sandbox-exec` is available in 10.5, it has very limit
support on the DSL for sandbox profile file(.sb file). Therefore,
sandbox for Homebrew on 10.5 is broken.
Closes#735.
Signed-off-by: Xu Cheng <git@xuc.me>
Add a new `Sandbox.formula?` method to see if a given formula should be
sandboxed. Use the formula to check its tap against a list of
pre-approved taps where we know every formula builds under the sandbox
(currently just homebrew/core).
Also enables sandbox for --interactive and --debug use of install
and test, using automatic retention.
Closes#66.
Signed-off-by: Andrew Janke <andrew@apjanke.net>
* use syslog filter instead of grep.
* output sandbox log to stdout when verbose and failed.
* output nothing if sandbox log is empty.
ClosesHomebrew/homebrew#43325.
Signed-off-by: Xu Cheng <xucheng@me.com>
Long term it would be nice to sandbox everything that writes to DerivedData
but it is essentially a cache directory of sorts.
The downside of allowing stuff to write there particularly is that DerivedData
is notoriously bad at getting cleaned up, so if you do a lot of Xcode-using
installations very quickly, you can chew your disk space up.
ClosesHomebrew/homebrew#43276.
Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
