Diffstat (limited to 'etc/servo.sb')
-rw-r--r-- | etc/servo.sb | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/servo.sb b/etc/servo.sb
new file mode 100644
index 00000000000..a77706c7edf
--- /dev/null
+++ b/etc/servo.sb
@@ -0,0 +1,32 @@
+(version 1)
+
+(deny default)
+
+(allow file*
+ (literal "/dev/dtracehelper")
+ (literal "/dev/urandom")
+ (literal "/dev/null"))
+
+(allow file-read*
+ (subpath ""))
+
+(allow file-write*
+ (regex #"^/Users/[^/]+/Library/Autosave Information")
+ (subpath "/private/var"))
+
+; This is unfortunate...
+(allow process-exec
+ (regex #"/servo$"))
+
+(deny file-write*
+ (regex #"/servo$"))
+
+(allow sysctl-read)
+(allow sysctl-write)
+(allow ipc-posix-shm)
+(allow process-fork)
+(allow mach-lookup)
+(allow network-outbound)
+
+(debug deny)
+
|
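Review bot: The profile opens with `(deny default)`, but the `file-read*` rule on `(subpath "")` combined with the unfiltered `(allow network-outbound)` and `(allow mach-lookup)` leaves little real confinement. If the empty subpath matches the whole filesystem, as it appears intended to, a compromised process can read anything the user can and has an open channel to send it out. I would scope reads to the directories the process actually needs and filter the Mach services, e.g. `(allow mach-lookup (global-name "<service-name>"))` with one entry per service in use. The `file-write*` grant on `(subpath "/private/var")` and the blanket `(allow sysctl-write)` also look wider than necessary and should be narrowed or dropped if nothing depends on them. The comment `; This is unfortunate...` should say why exec of paths matching `/servo$` must be allowed, and that the following `(deny file-write* ...)` rule appears to be what keeps that binary from being overwritten.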