On 13/11/2016 22:50, Tommaso Cucinotta wrote:
On 13/11/2016 15:10, Kornel Benko wrote:
Yes, creating the cmake changes for unix(linux) like platforms. Don't know,
what to do for
windows or MAC.
From a lightning fast investigation, it seems that Mac OS-X has an "App
Sandbox" feature that can be used for the purpose, nor sure whether the same as the
sandbox-exec syscall since OS-X 10.9:
https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/sandbox-exec.1.html
https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html
On Windows, I could only find this Low Integrity Level and accompanying
Integrity ACL:
https://en.wikipedia.org/wiki/Mandatory_Integrity_Control
https://en.wikipedia.org/wiki/Cacls#icacls
But, the latter wikipedia pointer claims icacls is all broken.
We'd need a Mac and Windows devels to have a glance about the above.
Namely, looks like:
-) on Linux with AppArmor, we use lyxwrap, and/or just apply a profile to LyX
with restriction on *any* sub-process
lyxwrap <command> <args>...
-) on Mac OS-X supporting sandboxing, we call:
sandbox-exec <command> <args>...
-) on Windows, we call:
icacls /setintegritylevel Low <command> <args>...
All to be validated, tried & adapted for the LyX use-case.
T.
