We only have a small number of cases where we use sysctl in WebKit, and those cases are always in a read-only mode. Modify our sandboxes to limit 'sysctl' use to read-only, and whitelist that access for the very small number of cases we actually use: CTL_KERN, KERN_PROC. KERN_PROC_PID, # CTL_HW, HW_AVAILCPU CTL_HW, HW_NCPU hw.model kern.memorystatus_level
<rdar://problem/16371458>
Created attachment 303724 [details] Patch
Created attachment 303725 [details] Patch
Committed r213544: <http://trac.webkit.org/changeset/213544>