[opam-devel] OPAM 1.3 roadmap

Peter Zotov whitequark at whitequark.org
Mon Feb 23 09:54:22 GMT 2015

Roberto Di Cosmo wrote:
> What I do not know is whether something similar is available for *BSD, 
> and
> even less for Windows.

I have spent an extended amount of time on this issue in OS X.
Plain and simple, it is not possible to intercept syscalls on XNU.
The ptrace API does not implement PTRACE_SYSCALL, and the equivalent
Mach API, task_set_emulation, has not ever been implemented.
I've looked into the XNU sources too and there is simply no codepath
that performs what you need.

Forget about this kind of user-space sandboxing on OS X.

However, OS X provides an explicit sandboxing mechanism since 10.5.
I don't think it will work for opam either:

The app sandbox container directory has the following characteristics:
It is located at a system-defined path, within the user’s home 
The container is in a hidden location, and so users do not interact with 
it directly.


Peter Zotov

More information about the opam-devel mailing list