summaryrefslogtreecommitdiff
path: root/packages/cli/src/utils/sandbox-macos-permissive-closed.sb
diff options
context:
space:
mode:
Diffstat (limited to 'packages/cli/src/utils/sandbox-macos-permissive-closed.sb')
-rw-r--r--packages/cli/src/utils/sandbox-macos-permissive-closed.sb26
1 files changed, 26 insertions, 0 deletions
diff --git a/packages/cli/src/utils/sandbox-macos-permissive-closed.sb b/packages/cli/src/utils/sandbox-macos-permissive-closed.sb
new file mode 100644
index 00000000..36d88995
--- /dev/null
+++ b/packages/cli/src/utils/sandbox-macos-permissive-closed.sb
@@ -0,0 +1,26 @@
+(version 1)
+
+;; allow everything by default
+(allow default)
+
+;; deny all writes EXCEPT under specific paths
+(deny file-write*)
+(allow file-write*
+ (subpath (param "TARGET_DIR"))
+ (subpath (param "TMP_DIR"))
+ (subpath (param "CACHE_DIR"))
+ (subpath (string-append (param "HOME_DIR") "/.gemini"))
+ (subpath (string-append (param "HOME_DIR") "/.npm"))
+ (subpath (string-append (param "HOME_DIR") "/.cache"))
+ (subpath (string-append (param "HOME_DIR") "/.gitconfig"))
+ (literal "/dev/stdout")
+ (literal "/dev/stderr")
+ (literal "/dev/null")
+)
+
+;; deny all inbound network traffic EXCEPT on debugger port
+(deny network-inbound)
+(allow network-inbound (local ip "localhost:9229"))
+
+;; deny all outbound network traffic
+(deny network-outbound)
generated by cgit v1.2.3 (git 2.51.0) at 2025-12-01 20:23:06 +0000