20
edits
Security/Sandbox: Difference between revisions
Jump to navigation
Jump to search
Update macOS sandbox level 3 description
Haftandilian (talk | contribs) (Updating Mac Flash plugin info) |
Alex gaynor (talk | contribs) (Update macOS sandbox level 3 description) |
||
| Line 263: | Line 263: | ||
|- | |- | ||
| Level 3 || | | Level 3 || | ||
* write access to | * write access to all of the filesystem | ||
* read access to most of the filesystem | * read access to most of the filesystem | ||
** read access to the profile directory (apart from the chrome and extensions subdirectories) | ** read access to the profile directory (apart from the chrome and extensions subdirectories) | ||
| Line 270: | Line 270: | ||
* exec, fork | * exec, fork | ||
* printing | * printing | ||
* access to most system services | |||
|} | |} | ||
Note that the macOS sandbox is whitelist based, not blacklist, so this section is effectively the inverse of what we allow. | |||
[1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3. | [1] Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3. | ||