[mdaniel]

If you want a file format, I'd lobby for one of the existing ones rather than some random yaml one

- sandbox-exec's scheme one https://github.com/BrianSwift/macOSSandboxBuild/blob/main/co...

- AppArmor https://wiki.apparmor.net/ (although I'm cognizant that tries to address way more than just filesystem access)

- Java's permission one https://docs.oracle.com/javase/8/docs/technotes/guides/secur...

Likely tens more

[bastiao]

I agree that re-use file format could a good option. BTW the used landlock go library has sort of example https://github.com/landlock-lsm/go-landlock/blob/main/exampl...