Problem
When `default=deny` sandboxes auto-inject system read paths (via `_SYSTEM_READ_PATHS` in `std.star`), the list is missing paths needed for common developer workflows:
- `/var/folders` / `/private/var/folders` — macOS per-user temp directories
- `/private/var/db/timezone` — timezone data (git, curl need this)
- `~/.gitconfig` — any git operation reads this
- `~/.ssh` — git SSH signing and remote operations
Users end up manually adding these paths through trial and error, leading to messy policies.
Proposal
Consider a tiered approach:
- Always inject: paths needed for any process to run (dyld, system libs, timezone, var/folders)
- Inject when `net=allow`: DNS-related paths
- Document per-tool: which paths git, cargo, node, python need so stdlib presets cover them
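A model of the tiered proposal as an added example (not the project's `std.star` code): the always-on tier and the git preset use the paths listed in this issue, while the `/usr/lib` entry, the DNS files in the `net=allow` tier, and the `/Users/dev` home directory are assumptions chosen for illustration. It also includes a check that flags manually listed read paths the tiers would already cover, which is the clean-up the "messy policies" complaint calls for.

```python
# Tier 1: paths any process needs. The issue names dyld/system libs, the
# timezone data and the macOS temp dirs; "/usr/lib" stands in for the
# system-library location and is an assumption.
ALWAYS_READ = (
    "/usr/lib",                   # system libraries / dyld shared cache (assumed)
    "/private/var/db/timezone",   # timezone data (git, curl read it)
    "/var/folders",               # macOS per-user temp dirs
    "/private/var/folders",       # same tree; /var is a symlink to /private/var
)
# Tier 2: only injected when the policy grants network. The issue says
# "DNS-related paths" without listing them; these two are assumed.
NET_READ = ("/etc/hosts", "/etc/resolv.conf")
# Tier 3: per-tool presets. Only git's needs are documented in the issue;
# other tools (cargo, node, python) stay unknown rather than guessed.
TOOL_READ = {
    "git": ("~/.gitconfig", "~/.ssh"),
}

def expand(path, home):
    """Expand a leading ~ against an explicit home (no dependency on $HOME)."""
    if path == "~" or path.startswith("~/"):
        return home.rstrip("/") + path[1:]
    return path

def inject_read_paths(net_allow, tools, home="/Users/dev"):
    """Read paths the sandbox would auto-inject for this policy, sorted."""
    paths = set(ALWAYS_READ)
    if net_allow:
        paths.update(NET_READ)
    for tool in tools:
        if tool not in TOOL_READ:
            raise ValueError(f"no read-path preset documented for tool {tool!r}")
        paths.update(TOOL_READ[tool])
    return sorted(expand(p, home) for p in paths)

def covered(path, injected):
    """True if `path` equals an injected path or lies beneath one."""
    path = path.rstrip("/") or "/"
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in injected)

def redundant_manual_paths(manual, net_allow, tools, home="/Users/dev"):
    """Manually listed read paths that the tiered defaults already cover."""
    injected = inject_read_paths(net_allow, tools, home)
    expanded = [expand(m, home) for m in manual]
    return [m for m in expanded if covered(m, injected)]
```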