diff options
| author | Olcan <[email protected]> | 2025-05-08 11:28:45 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2025-05-08 11:28:45 -0700 |
| commit | b59a940057f5753282415b0b6d1b5ea455221451 (patch) | |
| tree | 5e4e05e39ec13805b0f449a994a800556c1102ed /packages/cli/src/utils/sandbox-macos-minimal.sb | |
| parent | 448a24746c00dc01a7f7fdc960b5a634e3da3e31 (diff) | |
adjust seatbelt to allow write into specific dirs under user home (#289)
Diffstat (limited to 'packages/cli/src/utils/sandbox-macos-minimal.sb')
| -rw-r--r-- | packages/cli/src/utils/sandbox-macos-minimal.sb | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/packages/cli/src/utils/sandbox-macos-minimal.sb b/packages/cli/src/utils/sandbox-macos-minimal.sb index c304b838..5a8b46dd 100644 --- a/packages/cli/src/utils/sandbox-macos-minimal.sb +++ b/packages/cli/src/utils/sandbox-macos-minimal.sb @@ -3,13 +3,14 @@ ;; allow everything by default (allow default) -;; deny all writes EXCEPT under project directory, temp directory, stdout/stderr and /dev/null +;; deny all writes EXCEPT under specific paths (deny file-write*) (allow file-write* (subpath (param "TARGET_DIR")) (subpath (param "TMP_DIR")) + (subpath (string-append (param "HOME_DIR") "/.gemini")) + (subpath (string-append (param "HOME_DIR") "/.npm")) (literal "/dev/stdout") (literal "/dev/stderr") (literal "/dev/null") -) - +)
\ No newline at end of file |