OLD | NEW |
1 ;; | 1 ;; |
2 ;; Copyright (c) 2009 The Chromium Authors. All rights reserved. | 2 ;; Copyright (c) 2009 The Chromium Authors. All rights reserved. |
3 ;; Use of this source code is governed by a BSD-style license that can be | 3 ;; Use of this source code is governed by a BSD-style license that can be |
4 ;; found in the LICENSE file. | 4 ;; found in the LICENSE file. |
5 ;; | 5 ;; |
6 ; This is the Sandbox configuration file used for safeguarding the user's | 6 ; This is the Sandbox configuration file used for safeguarding the user's |
7 ; untrusted code within Native Client. | 7 ; untrusted code within Native Client. |
8 ; | 8 ; |
9 | 9 |
10 ; *** The contents of chrome/common/common.sb are implicitly included here. *** | 10 ; *** The contents of chrome/common/common.sb are implicitly included here. *** |
11 | 11 |
12 ; Allow a Native Client application to use semaphores, specifically | 12 ; Allow a Native Client application to use semaphores, specifically |
13 ; sem_init(), et.al. | 13 ; sem_init(), et.al. |
14 (allow ipc-posix-sem) | 14 (allow ipc-posix-sem) |
| 15 |
| 16 ; Needed for the Native Client plugin and loader. |
| 17 ; TODO(msneck): Refactor Native Client to use something other than Unix |
| 18 ; sockets. |
| 19 ; See http://code.google.com/p/nativeclient/issues/detail?id=344 |
| 20 ;BEFORE_10.6 (allow network-inbound (from unix-socket)) |
| 21 ;BEFORE_10.6 (allow network-outbound (to unix-socket)) |
| 22 ;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-")) |
| 23 ;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-")) |
| 24 ;10.6_ONLY (allow network-bind (local ip4)) |
| 25 ;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-")) |
OLD | NEW |