servo: Don't allow processes to be executed inside /private/var or Autosave Info

Source-Repo: https://github.com/servo/servo Source-Revision: b10b669575cde74baea08010f50fb0521f4b8db7
2012-08-21 17:16:16 -07:00 · 2012-08-21 17:16:16 -07:00 · 910eafbdc4
--- a/servo/src/etc/servo.sb
+++ b/servo/src/etc/servo.sb
@ -18,6 +18,10 @@
 (allow process-exec
    (regex #"/servo$"))

+(deny process-exec
+    (regex #"^/Users/[^/]+/Library/Autosave Information")
+    (subpath "/private/var"))
+
 (allow sysctl-read)
 (allow sysctl-write)
 (allow ipc-posix-shm)