by imiric
595 days ago
You can use pledge[1] to restrict the tool to read/write only in specific directories, or only use certain system calls. This is easier to run than from a container or VM, but can be a bit fiddly to set up at first. Assuming you trust it with the files in your codebase, and them being shared with third parties. Which is a hard pill to swallow for a proprietary program.

[1]: https://justine.lol/pledge/