@cielavenir
Last active October 23, 2024 12:42
zoom sandbox-exec for macOS
  1. Download Zoom.pkg from https://zoom.us/download
  2. Extract it using https://www.timdoug.com/unpkg/
  3. Now you have Zoom/zoom.us.app
  4. Launch Zoom with: zoom.sh Zoom/zoom.us.app/Contents/MacOS/zoom.us

Caveats:

  • Zoom will fail to start a meeting the first time. Just launch it again.
  • Zoom will report that a crash happened, but you should ignore it.
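
zoom.sh, listed after this example, passes its arguments to sandbox-exec as the command to run, so the same wrapper can be pointed at harmless probe commands to check what the profile enforces before Zoom is launched through it. This is an added example, not part of the gist: `probe_wrapper` and `expect` are hypothetical helper names, the file name probe.sh is assumed, and the decoy files are constructed.

```shell
#!/bin/sh
# Added example (not from the gist). Usage: sh probe.sh ./zoom.sh
# Assumption: the wrapper runs its arguments as a command, as zoom.sh does.

# expect <allow|deny> <label> <shell snippet> <path>
# Runs the snippet through the wrapper and compares the outcome.
expect() {
    if "$wrapper" /bin/sh -c "$3" sh "$4" >/dev/null 2>&1; then
        got=allow
    else
        got=deny
    fi
    if [ "$got" = "$1" ]; then
        echo "ok    $2 ($got)"
    else
        echo "FAIL  $2: expected $1, got $got"
        violations=$((violations + 1))
    fi
}

# probe_wrapper <wrapper>: returns the number of rules that did not hold.
probe_wrapper() {
    wrapper=$1 violations=0
    # Constructed decoys, created outside the sandbox in a temp directory.
    dir=$(mktemp -d) || return 99
    echo decoy > "$dir/id_rsa"
    echo decoy > "$dir/cert.pem"
    home_file="$HOME/sandbox-probe.$$"

    # The allow probe catches a wrapper that simply fails to run anything.
    expect allow 'write in temp dir'      ': > "$1"'       "$dir/scratch"
    expect deny  'write under $HOME'      ': > "$1"'       "$home_file"
    expect deny  'read file named id_rsa' 'cat "$1"'       "$dir/id_rsa"
    expect deny  'read file ending .pem'  'cat "$1"'       "$dir/cert.pem"
    expect deny  'append to id_rsa'       'echo x >> "$1"' "$dir/id_rsa"

    rm -rf "$dir" "$home_file"
    return "$violations"
}

# Only probe when a wrapper path is given on the command line.
if [ $# -gt 0 ]; then
    probe_wrapper "$1"
fi
```

The exit status is the number of probes whose result differed from what the profile is meant to enforce, so 0 means every rule held.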
```sh
#!/bin/sh
# Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
# DISCLAIMER: THE WORKS ARE WITHOUT WARRANTY.

# Run the command given as arguments under the sandbox-exec profile below.
sandbox-exec -p "
(version 1)
(allow default)
; Deny all file writes, then re-allow only Zoom's data and temp directories.
(deny file-write*)
(allow file-write*
  (subpath \"${HOME}/Library/Application Support/zoom.us\")
  (subpath \"${HOME}/Library/Logs/zoom.us\")
  (subpath \"${HOME}/Library/WebKit/us.zoom.xos\")
  (subpath \"${HOME}/Library/Caches/us.zoom.xos\")
  (subpath \"${HOME}/Library/Saved Application State/us.zoom.xos.savedState\")
  (subpath \"/private/var/tmp\")
  (subpath \"/private/tmp\")
  (subpath \"/tmp\")
  (subpath \"/private/var/folders\")
  (subpath \"/var/folders\")
)
; Deny every file operation, reads included, on SSH private keys and .pem files.
(deny file* (regex #\"/id_rsa$\"))
(deny file* (regex #\"/id_dsa$\"))
(deny file* (regex #\"/id_ecdsa$\"))
(deny file* (regex #\"/id_ed25519$\"))
(deny file* (regex #\"\\.pem$\"))
" "$@"
```

@darcyforster

Hi, can you please tell me which folder the Zoom app is downloaded into? After running the script I cannot seem to find the application anywhere.
Thanks

@msanders

msanders commented Oct 4, 2023

@darcyforster The Zoom application bundle is not persisted after running the script. It is temporarily extracted to $HOME/.local/share/zoom-sandbox (or $XDG_CACHE_HOME/zoom-sandbox) when run, but removed after exit to avoid unintentionally launching outside of sandbox-exec. It is possible to write an application wrapper that does the same thing and allows launching from Finder, but would require additional maintenance. Users of the sandbox script can (and should) remove the Zoom app from /Applications/ if previously installed. Not sure if you were troubleshooting an issue with the app failing to launch, but I've added an additional flag to help diagnose:

/path/to/bin/zoom -v

Note that if Zoom had an application available on the Mac App Store this would not be necessary, since that already requires sandboxing. I strongly recommend encouraging organizations to seek alternatives such as Webex or one of the FOSS offerings available that don't have such abysmal track records for security and privacy. Other options for users aside from the script include the web client and iOS apps. Unfortunately, at the time of this writing the web client has buggy behavior with camera orientation.

To completely remove previous installations of Zoom, you can use this script or run:

brew rm --cask --zap --force zoom

Note that this will delete preferences as well.

@cielavenir
Author

(added license lines)

@aniqueta

aniqueta commented Jun 9, 2024

Thanks @msanders for the excellent script, and @cielavenir for the original.

To make this more like a macOS app, one can use Automator per these instructions:

Open Automator, choose Application, add a Run Shell Script action and put in your Shell command between quotes (if you have a file, you can just drag and drop it).

Other than playing it, now you can save it (as an app anywhere) and even set the icon.

Source: https://superuser.com/a/612072
