valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Update seatbelt policy for java on macOS (#3987)

Browse Source 
# Summary

This PR is related to the Issue #3978 and contains a fix to the seatbelt
profile for macOS that allows to run java/jdk tooling from the sandbox.
I have found that the included change is the minimum change to make it
run on my machine.

There is a unit test added by codex when making this fix. I wonder if it
is useful since you need java installed on the target machine for it to
be relevant. I can remove it it is better.

Fixes #3978
This commit is contained in:
Bernard Niset
2025-10-30 22:25:04 +01:00
committed by GitHub
parent 6ef658a9f9
commit ff6d4cec6b
2 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
codex-rs/core/src/seatbelt_base_policy.sbpl
View File

@@ -71,6 +71,10 @@
(sysctl-name-prefix "net.routetable.")
)
; Allow Java to set CPU type grade when required
(allow sysctl-write
(sysctl-name "kern.grade_cputype"))
; IOKit
(allow iokit-open
(iokit-registry-entry-class "RootDomainUserClient")