diff options
Diffstat (limited to 'etc/sandbox.d/00default.in')
| -rw-r--r-- | etc/sandbox.d/00default.in | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/etc/sandbox.d/00default.in b/etc/sandbox.d/00default.in new file mode 100644 index 0000000..264fdf3 --- /dev/null +++ b/etc/sandbox.d/00default.in @@ -0,0 +1,20 @@ +# Default configuration for non-set values +# +# As stated in sandbox.conf, any value in here do not get used if the variable +# is already present in the environment. All rules of the ACCESS Section +# applies here. +# +# Also note that SANDBOX_WORKDIR is a special variable that is just set if +# sandbox is run interactive (ie, no commandline options), and points to the +# current directory. + +# Normally the whole filesystem should be readable +SANDBOX_READ="/" + +# Finally add current directory if interactive +SANDBOX_WRITE="${SANDBOX_WORKDIR}" +# Needed for configure tests +SANDBOX_WRITE="@prefix@/tmp/conftest:@prefix@/lib/conftest:@prefix@/lib32/conftest:@prefix@/lib64/conftest:@prefix@/tmp/cf:@prefix@/lib/cf:@prefix@/lib32/cf:@prefix@/lib64/cf" + +# Usually writes in /home should not cause violations +SANDBOX_PREDICT="${HOME}" |