Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deny file mode changes outside of specified paths in sandbox #17708

Merged
merged 4 commits into from
Jul 13, 2024

Conversation

Rylan12
Copy link
Member

@Rylan12 Rylan12 commented Jul 13, 2024

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew style with your changes locally?
  • Have you successfully run brew typecheck with your changes locally?
  • Have you successfully run brew tests with your changes locally?

This PR adjusts the sandbox rules to ensure that file permissions can only be changed for the paths explicitly specified.

CC: @Moisan @krehel

@Rylan12 Rylan12 added the sandbox Homebrew's use of the macOS Sandbox label Jul 13, 2024
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs tests 😉

@Rylan12 Rylan12 requested a review from woodruffw July 13, 2024 20:29
@woodruffw woodruffw enabled auto-merge July 13, 2024 20:37
@woodruffw woodruffw merged commit 92ef6ef into master Jul 13, 2024
25 checks passed
@woodruffw woodruffw deleted the sandbox-chmod branch July 13, 2024 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
sandbox Homebrew's use of the macOS Sandbox
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants