abbyswag/qwen-code
1
0
Fork 0
mirror of https://github.com/QwenLM/qwen-code.git synced 2025-12-21 01:07:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

restricted networking for all sandboxing methods, new seatbelt profiles, updated docs, fixes to sandbox build, debugging through sandbox (#891)

Browse Source
This commit is contained in:
Olcan
2025-06-10 08:58:37 -07:00
committed by GitHub
parent 895c1f132f
commit e38d2078cc
16 changed files with 511 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
packages/cli/src/utils/sandbox-macos-permissive-open.sb Normal file
View File

@@ -0,0 +1,19 @@
(version 1)
;; allow everything by default
(allow default)
;; deny all writes EXCEPT under specific paths
(deny file-write*)
(allow file-write*
(subpath (param "TARGET_DIR"))
(subpath (param "TMP_DIR"))
(subpath (param "CACHE_DIR"))
(subpath (string-append (param "HOME_DIR") "/.gemini"))
(subpath (string-append (param "HOME_DIR") "/.npm"))
(subpath (string-append (param "HOME_DIR") "/.cache"))
(subpath (string-append (param "HOME_DIR") "/.gitconfig"))
(literal "/dev/stdout")
(literal "/dev/stderr")
(literal "/dev/null")
)