  • Fighting execs via sandboxfs on macOS

    Since the announcement of sandboxfs a few weeks ago, I've been stabilizing its integration with Bazel as a new sandboxing technique. As part of this work, I encountered issues where macOS was immediately killing signed binaries executed through the sandbox. Read on for the long troubleshooting process and the surprisingly trivial solution. [Continue reading]

  • Introducing sandboxfs

    sandboxfs is a FUSE-based file system that exposes an arbitrary view of the host’s file system under the mount point, and offers access controls that differ from those of the host. You can think of sandboxfs as an advanced version of bindfs (or mount --bind or mount_null(8) depending on your system) in which you can combine and nest directories under an arbitrary layout. [Continue reading]

  • Introducing sourcachefs

    Announcing the launch of sourcachefs, a FUSE-based persistent caching layer. [Continue reading]

  • Easy pkgsrc on macOS with pkg_comp 2.0

    This is a tutorial to guide you through the shiny new pkg_comp 2.0 on macOS using the macOS-specific self-installer. Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to keep your macOS system up to date and secure. [Continue reading]

  • Keeping NetBSD up-to-date with pkg_comp 2.0

    This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD. Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to keep your NetBSD system up to date and secure. [Continue reading]

  • Introducing pkg_comp 2.0 (and sandboxctl 1.0)

    Announcing the launch of pkg_comp 2.0, how this differs from the 1.x series, why there was a rewrite, what sandboxctl 1.0 is, and more. [Continue reading]