abbyswag/qwen-code
1
0
Fork 0
mirror of https://github.com/QwenLM/qwen-code.git synced 2025-12-20 08:47:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

adjust seatbelt to allow write into specific dirs under user home (#289)

Browse Source
This commit is contained in:
Olcan
2025-05-08 11:28:45 -07:00
committed by GitHub
parent 448a24746c
commit b59a940057
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
packages/cli/src/utils/sandbox-macos-minimal.sb
View File

@@ -3,13 +3,14 @@
;; allow everything by default
(allow default)
;; deny all writes EXCEPT under project directory, temp directory, stdout/stderr and /dev/null
;; deny all writes EXCEPT under specific paths
(deny file-write*)
(allow file-write*
(subpath (param "TARGET_DIR"))
(subpath (param "TMP_DIR"))
(subpath (string-append (param "HOME_DIR") "/.gemini"))
(subpath (string-append (param "HOME_DIR") "/.npm"))
(literal "/dev/stdout")
(literal "/dev/stderr")
(literal "/dev/null")
)
)