ERROR: Unexpected output from "ps" command when running `rush update` with `node-safe`

Question

I use node-safe to run Node.js commands sanboxed on macOS. I also try to use Rush.js

When I run rush update, I get the following error:

ERROR: Unexpected output from "ps" command

The error doesn't happen when I run the command with --allow-all flag for node-safe, but this disabled sandbox completely. When I manually give every possible permission to the command ((allow system*) and others), I still get this error

Answer 1

After lots of digging, I've found this comment in Bazel repository (they also happen to use macOS built-in sandboxing)

rush update uses /bin/ps to get the process start time (no idea why). The error originates from around here if you're interested

The comment explains that /bin/ps has to be run unsandboxed. To do that in the sandbox configuration file, you need to add (allow process-exec (with no-sandbox) (literal "/bin/ps")) to your sandbox file

There is currently no way to do that in node-safe. You can fork it and add this option, or use my fork to add this clause (see the top readme.md)

This could be done prettier, but it seems like an obscure use-case. If you had the same problem and this helped you, I will think about way of adding such feature into node-safe repo. Please comment to let me know in such case