;; Copyright (c) 2008 Apple Inc. All Rights reserved. ;; ;; sshd - profile for privilege separated children ;; ;; WARNING: The sandbox rules in this file currently constitute ;; Apple System Private Interface and are subject to change at any time and ;; without notice. ;; (version 1) (deny default) (allow file-chroot) (allow file-read-metadata (literal "/var")) (allow sysctl-read) (allow mach-per-user-lookup) (allow mach-lookup (global-name "com.apple.system.notification_center") (global-name "com.apple.system.logger"))