;;
;; Copyrights     : CNRS
;; Author         : Oleg Lodygensky
;; Acknowledgment : XtremWeb-HEP is based on XtremWeb 1.8.0 by inria : http://www.xtremweb.net/
;; Web            : http://www.xtremweb-hep.org
;;
;; Sandbox documentation : http://reverse.put.as/2011/09/14/apple-sandbox-guide-v1-0/
;;
;; 
;; This file is part of XtremWeb-HEP.
;; This is the Mac OS X sandbox-exec profile file for the worker
;; Up to Mac OS 10.7, we used the xgrid agent profile
;; But xgrid is not part of the system since Mac OS 10.8
;; We must provide our own now
;;
;; This file is a copy of the xgrid sandbox profile
;;
;;    XtremWeb-HEP is free software: you can redistribute it and/or modify
;;    it under the terms of the GNU General Public License as published by
;;    the Free Software Foundation, either version 3 of the License, or
;;    (at your option) any later version.
;;
;;    XtremWeb-HEP is distributed in the hope that it will be useful,
;;    but WITHOUT ANY WARRANTY; without even the implied warranty of
;;    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;    GNU General Public License for more details.
;;
;;    You should have received a copy of the GNU General Public License
;;    along with XtremWeb-HEP.  If not, see <http://www.gnu.org/licenses/>.
;;
;;

(version 1)

(debug deny)

(deny default)
;;(allow default)

(import "bsd.sb")

(allow process* sysctl* mach* network* system-socket)
(allow signal (target pgrp))

(allow file-read* file-ioctl (regex "^/(bin|dev|(private/)?(etc|tmp|var)|usr|System|Library)(/|$)"))
(allow file-read* file-write* file-ioctl (regex "^/(private/)?(tmp|var)(/|$)"))