Allow access to /dev/stderr in Darwin sandbox

We allow /dev/stdout, so why not this? Since it is process-local,
anyway, should not be possible to escape sandbox using it.
This commit is contained in:
Andrew Marshall 2023-12-18 19:33:20 -05:00
parent 5d5b25f2e3
commit 7526b7ded6

View file

@ -68,6 +68,7 @@ R""(
(allow file* (allow file*
(literal "/dev/null") (literal "/dev/null")
(literal "/dev/random") (literal "/dev/random")
(literal "/dev/stderr")
(literal "/dev/stdin") (literal "/dev/stdin")
(literal "/dev/stdout") (literal "/dev/stdout")
(literal "/dev/tty") (literal "/dev/tty")