mirror of
https://github.com/radareorg/radare2.git
synced 2024-12-03 19:01:31 +00:00
40 lines
653 B
Plaintext
40 lines
653 B
Plaintext
; Seatbelt script to sandbox radare2 in OSX
|
|
; =========================================
|
|
; --pancake <nopcode.org>
|
|
;
|
|
|
|
(version 1)
|
|
(debug all)
|
|
|
|
; (allow default)
|
|
|
|
(deny network*)
|
|
(deny system*)
|
|
(deny sysctl*)
|
|
(deny file-write*)
|
|
(deny file-ioctl)
|
|
(deny mach*)
|
|
|
|
|
|
; disables debugger and ! shell escape
|
|
(allow process*)
|
|
(deny process-fork)
|
|
|
|
; record trace log
|
|
; (trace "r2.log")
|
|
|
|
; (deny file-read* (subpath "."))
|
|
; (allow file-read*)
|
|
; (deny file-read*)
|
|
|
|
(allow file-read*
|
|
(regex
|
|
#"^/Users/[^.]+/*/radare2/"
|
|
#"^/usr/share/radare2/*"
|
|
#"^/usr/lib/system/*"
|
|
#"^/usr/lib/libr*"
|
|
#"^/usr/bin/rabin2"
|
|
)
|
|
)
|
|
(deny default)
|