On 2012-9-28 04:31 , Jordan K. Hubbard wrote: > Yeah, and, after talking to the sandbox gurus at Apple last night it's > pretty clear that sandboxing is fairly monomaniacal in its focus: It > just wants to deny things. It doesn't want to hide, redirect or > otherwise interpose filesystem / other operations, and given all of the > complexities inherent in the other approaches, that makes sense. Rats. > It would have been so much simpler if we could have figured out how to > piggy-back on sandboxing.
It's not a total loss at least. It seems to be working quite nicely to disallow writes outside the designated places, which among other things will catch installers bypassing the destroot. - Josh _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo/macports-dev
