DEVHIDE
Login Or Sign up

sandbox-exec: deny network access but allow socket

842 Views Asked by At

I am using MacOSX's sandbox-exec to deny network access for a command (like e.g. described in this article).

Unfortunately this also seems to deny MySQL access to it's socket:

Can't connect to local MySQL server through socket '/tmp/mysql.sock'

The profile-file for sandbox-exec is this:

(version 1)
(allow default)
(deny network*)

Is there a way to restrict only TCP/internet network access but leave socket access unchanged?

macos darwin
Original Q&A
1

There are 1 best solutions below

0
On

Found out. The profile file has to contain (allow network-outbound (to unix-socket)):

(version 1)
(allow default)
(deny network*)
(allow network-outbound (to unix-socket))

Related Questions in MACOS

Related Questions in DARWIN

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.