Roberto Di Cosmo wrote:
What I do not know is whether something similar is available for *BSD,
and
even less for Windows.
I have spent an extended amount of time on this issue in OS X.
Plain and simple, it is not possible to intercept syscalls on XNU.
The ptrace API does not implement PTRACE_SYSCALL, and the equivalent
Mach API, task_set_emulation, has not ever been implemented.
I've looked into the XNU sources too and there is simply no codepath
that performs what you need.
Forget about this kind of user-space sandboxing on OS X.
However, OS X provides an explicit sandboxing mechanism since 10.5.
I don't think it will work for opam either:
The app sandbox container directory has the following characteristics:
It is located at a system-defined path, within the user’s home
directory.
The container is in a hidden location, and so users do not interact with
it directly.
(from
https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW6)
--
Peter Zotov
_______________________________________________
opam-devel mailing list
[email protected]
http://lists.ocaml.org/listinfo/opam-devel
