Systrace Sample policy for ls:

Policy: /bin/ls, Emulation: native
native-open: filename eq "$HOME" and oflags sub "ro" then permit
native-open: filename eq "/dev" and oflags sub "ro" then permit
native-open: filename eq "/etc" then deny[eperm]
native-open: filename eq "/etc/group" and oflags sub "ro" then permit
native-open: filename eq "/etc/localtime" and oflags sub "ro" then permit
native-open: filename eq "/etc/pwd.db" and oflags sub "ro" then permit
native-open: filename eq "/tmp" and oflags sub "ro" then permit
native-open: filename inpath "$CWD" and oflags sub "ro" then permit
native-open: filename match "$HOME/*" and oflags sub "ro" then permit
native-open: filename match "/usr/share/*" and oflags sub "ro" then permit
native-__sysctl: permit
native-access: permit
native-break: permit
native-close: permit
[...]

Very simple policy language. Also easy to edit by hand.
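As an added illustration (not part of the original slide and not Systrace's own code), a small Python evaluator for the subset of the policy syntax shown above: rules are checked in file order and the first match decides, $HOME and $CWD are expanded from an assumed environment, and a call that matches no rule returns "ask" to model Systrace falling through to its interactive prompt.

```python
import fnmatch
import re

# Constructed environment for variable expansion (assumed values, not from the slide).
ENV = {"HOME": "/home/alice", "CWD": "/home/alice/src"}

# Subset of the slide's policy, embedded here as sample input.
POLICY = """
Policy: /bin/ls, Emulation: native
native-open: filename eq "/etc" then deny[eperm]
native-open: filename eq "/etc/group" and oflags sub "ro" then permit
native-open: filename inpath "$CWD" and oflags sub "ro" then permit
native-open: filename match "$HOME/*" and oflags sub "ro" then permit
native-close: permit
"""

# <syscall>: [<cond> [and <cond>]... then] permit|deny[<errno>]
RULE_RE = re.compile(r"^([\w-]+):\s*(?:(.+?)\s+then\s+)?(permit|deny(?:\[\w+\])?)$")

# Condition operators: eq (exact), sub (substring), match (glob), inpath (inside a directory).
OPS = {
    "eq": lambda arg, val: arg == val,
    "sub": lambda arg, val: val in arg,
    "match": lambda arg, val: fnmatch.fnmatchcase(arg, val),
    "inpath": lambda arg, val: arg == val or arg.startswith(val.rstrip("/") + "/"),
}

def expand(value, env):
    """Replace $HOME / $CWD style variables with their environment values."""
    for name, val in env.items():
        value = value.replace("$" + name, val)
    return value

def parse_policy(text, env):
    """Return [(syscall, [(field, op, value), ...], action)] in file order."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("Policy:"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("bad rule: " + line)
        conds = [c.split(" ", 2) for c in (m.group(2) or "").split(" and ") if c]
        rules.append((m.group(1), [(f, op, expand(v.strip('"'), env)) for f, op, v in conds], m.group(3)))
    return rules

def decide(rules, syscall, args):
    """First matching rule wins; with no match, Systrace would ask the user."""
    for sc, conds, action in rules:
        if sc == syscall and all(OPS[op](args.get(f, ""), v) for f, op, v in conds):
            return action
    return "ask"
```

Note that a read-write open of /etc/group falls through every rule because "ro" is not a substring of "rw", which is exactly the least-privilege effect the oflags checks are there for.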