[opam-devel] OPAM 1.3 roadmap
Peter Zotov
whitequark at whitequark.org
Mon Feb 23 09:54:22 GMT 2015
Roberto Di Cosmo wrote:
> What I do not know is whether something similar is available for *BSD, and
> even less for Windows.
I have spent an extended amount of time on this issue in OS X.
Plain and simple, it is not possible to intercept syscalls on XNU.
The ptrace API does not implement PTRACE_SYSCALL, and the equivalent
Mach API, task_set_emulation, has not ever been implemented.
I've looked into the XNU sources too and there is simply no codepath
that performs what you need.
Forget about this kind of user-space sandboxing on OS X.
However, OS X provides an explicit sandboxing mechanism since 10.5.
I don't think it will work for opam either:
The app sandbox container directory has the following characteristics:
It is located at a system-defined path, within the user’s home
directory.
The container is in a hidden location, and so users do not interact with
it directly.
(from
https://developer.apple.com/library/mac/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW6)
--
Peter Zotov