github.com/criyle/go-sandbox@v0.10.3/pkg/forkexec/test.sb (about)

     1  ; Test Sandbox Profile
     2  ; No network / socket
     3  ; No system / sysctl 
     4  (version 1)
     5  
     6  (deny default)
     7  
     8  ; allow posix ipc
     9  (allow ipc-posix*)
    10  
    11  ; allow file access /
    12  (allow file-read* (subpath "/usr/lib"))
    13  
    14  ; allow execve 
    15  (allow process-exec)
    16  
    17  ; allow fork
    18  (allow process-fork)
    19  
    20  ; allow signal to self
    21  (allow signal (target self))