On 2012-9-27 05:12 , Clemens Lang wrote: > On Thu, Sep 27, 2012 at 02:24:44AM +1000, Joshua Root wrote: >> % sandbox-exec -p '(version 1) (allow default) (deny file* (subpath >> "/usr/local") (subpath "/Library/Frameworks"))' gcc test.c >> cc1: error: /usr/local/include: Operation not permitted >> cc1: error: /Library/Frameworks: Operation not permitted > > Ideally, the sandboxing could just pretend /usr/local wasn't there to > begin with? Just denying access unfortunately isn't of any use to us.
Clang actually doesn't fail because of this. But who knows what else is going to treat it as a fatal error like gcc. I guess messing with the reported contents of otherwise accessible directories is more complicated than just denying or allowing access. Still, it seems like EACCES rather than EPERM might have been more compatible? Too late for anything before 10.8 to be changed now though. - Josh _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo/macports-dev
