Y
Hacker News
new
|
ask
|
show
|
jobs
by
saagarjha
777 days ago
Entitlements cannot protect against things in your own process. They are always used to gate clients either across a kernel-user or XPC boundary.
1 comments
jiveturkey
777 days ago
isn't that exactly what the parent was asking for? limiting syscalls.
EDIT: oh. but not limited to the caller from a specific system library.
link
EDIT: oh. but not limited to the caller from a specific system library.