(version 1) ;; deny everything by default (deny default) ;; allow reading files from anywhere on host (allow file-read*) ;; allow exec/fork (children inherit policy) (allow process-exec) (allow process-fork) ;; allow signals to self, e.g. SIGPIPE on write to closed pipe (allow signal (target self)) ;; allow read access to specific information about system ;; from https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/common.sb;l=273-319;drc=7b3962fe2e5fc9e2ee58000dc8fbf3429d84d3bd (allow sysctl-read (sysctl-name "hw.activecpu") (sysctl-name "hw.busfrequency_compat") (sysctl-name "hw.byteorder") (sysctl-name "hw.cacheconfig") (sysctl-name "hw.cachelinesize_compat") (sysctl-name "hw.cpufamily") (sysctl-name "hw.cpufrequency_compat") (sysctl-name "hw.cputype") (sysctl-name "hw.l1dcachesize_compat") (sysctl-name "hw.l1icachesize_compat") (sysctl-name "hw.l2cachesize_compat") (sysctl-name "hw.l3cachesize_compat") (sysctl-name "hw.logicalcpu_max") (sysctl-name "hw.machine") (sysctl-name "hw.ncpu") (sysctl-name "hw.nperflevels") (sysctl-name "hw.optional.arm.FEAT_BF16") (sysctl-name "hw.optional.arm.FEAT_DotProd") (sysctl-name "hw.optional.arm.FEAT_FCMA") (sysctl-name "hw.optional.arm.FEAT_FHM") (sysctl-name "hw.optional.arm.FEAT_FP16") (sysctl-name "hw.optional.arm.FEAT_I8MM") (sysctl-name "hw.optional.arm.FEAT_JSCVT") (sysctl-name "hw.optional.arm.FEAT_LSE") (sysctl-name "hw.optional.arm.FEAT_RDM") (sysctl-name "hw.optional.arm.FEAT_SHA512") (sysctl-name "hw.optional.armv8_2_sha512") (sysctl-name "hw.packages") (sysctl-name "hw.pagesize_compat") (sysctl-name "hw.physicalcpu_max") (sysctl-name "hw.tbfrequency_compat") (sysctl-name "hw.vectorunit") (sysctl-name "kern.hostname") (sysctl-name "kern.maxfilesperproc") (sysctl-name "kern.osproductversion") (sysctl-name "kern.osrelease") (sysctl-name "kern.ostype") (sysctl-name "kern.osvariant_status") (sysctl-name "kern.osversion") (sysctl-name "kern.secure_kernel") (sysctl-name "kern.usrstack64") (sysctl-name "kern.version") (sysctl-name "sysctl.proc_cputype") (sysctl-name-prefix "hw.perflevel") ) ;; allow writes to specific paths (allow file-write* (subpath (param "TARGET_DIR")) (subpath (param "TMP_DIR")) (subpath (param "CACHE_DIR")) (subpath (string-append (param "HOME_DIR") "/.gemini")) (subpath (string-append (param "HOME_DIR") "/.npm")) (subpath (string-append (param "HOME_DIR") "/.cache")) (subpath (string-append (param "HOME_DIR") "/.gitconfig")) (literal "/dev/stdout") (literal "/dev/stderr") (literal "/dev/null") ) ;; allow communication with sysmond for process listing (e.g. for pgrep) (allow mach-lookup (global-name "com.apple.sysmond")) ;; enable terminal access required by ink ;; fixes setRawMode EPERM failure (at node:tty:81:24) (allow file-ioctl (regex #"^/dev/tty.*")) ;; allow inbound network traffic on debugger port (allow network-inbound (local ip "localhost:9229")) ;; allow outbound network traffic through proxy on localhost:8877 ;; set `GEMINI_SANDBOX_PROXY_COMMAND=` to run proxy alongside sandbox ;; proxy must listen on :::8877 (see docs/examples/proxy-script.md) (allow network-outbound (remote tcp "localhost:8877"))