From c26b909c1cb2d52de6658f5aa8cd937c5d8a00ca Mon Sep 17 00:00:00 2001
From: Jon Williams <jonathan.williams@gmail.com>
Date: Mon, 22 Jan 2018 18:48:50 -0500
Subject: [PATCH] Sandbox path to Rack passed in to sandbox-exec

---
 Makefile | 2 +-
 Rack.sb  | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 122abe22..7091d744 100644
--- a/Makefile
+++ b/Makefile
@@ -58,7 +58,7 @@ endif
 
 sandbox-run: $(TARGET)
 ifeq ($(ARCH), mac)
-	sandbox-exec -f ./Rack.sb `which sh` -c 'DYLD_FALLBACK_LIBRARY_PATH=dep/lib ./$<'                                                                      2 ↵  ✹ ✭sandbox ‹2.4.2›
+	sandbox-exec -D RACK_HOME=$(PWD) -f ./Rack.sb `which sh` -c 'DYLD_FALLBACK_LIBRARY_PATH=dep/lib ./$<'                                                                      2 ↵  ✹ ✭sandbox ‹2.4.2›
 endif
 
 debug: $(TARGET)
diff --git a/Rack.sb b/Rack.sb
index 09dfb121..9a04fb05 100644
--- a/Rack.sb
+++ b/Rack.sb
@@ -2,6 +2,8 @@
 (version 1)
 (debug allow)
 
+(define rack-home "RACK_HOME")
+
 ; This is needed for IPC on OSX >= 10.6
 (allow ipc-posix-shm)
 
@@ -27,6 +29,8 @@
 
 (allow system-socket)
 
+(allow file-read* file-write* (subpath (param rack-home)))
+
 ; Allow file reading
 (allow file-read*
     (regex