You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is marked as deprecated and "Developers who wish to sandbox an app should instead adopt the App Sandbox feature described in the App Sandbox Design Guide". However, AFAICT the App Sandbox requires us to be able to modify the binary being run. Various comments suggest that although it is deprecated that it isn't going to go away soon because it is used internally by MacOS a lot, including for App Sandbox (?).
Given that configs for nsjail are much more widely available, it seems like that it would be better to establish those first and then port them over to sandbox-exec's Scheme based config files.
The text was updated successfully, but these errors were encountered:
Summary
See #2117 and #2118 for background. Some notes on
sandbox-exec
:It is marked as deprecated and "Developers who wish to sandbox an app should instead adopt the App Sandbox feature described in the App Sandbox Design Guide". However, AFAICT the App Sandbox requires us to be able to modify the binary being run. Various comments suggest that although it is deprecated that it isn't going to go away soon because it is used internally by MacOS a lot, including for App Sandbox (?).
https://www.karltarvas.com/macos-app-sandboxing-via-sandbox-exec.html
https://jmmv.dev/2019/11/macos-sandbox-exec.html
https://stackoverflow.com/questions/56703697/how-to-sandbox-third-party-applications-when-sandbox-exec-is-deprecated-now
Given that configs for
nsjail
are much more widely available, it seems like that it would be better to establish those first and then port them over tosandbox-exec
's Scheme based config files.The text was updated successfully, but these errors were encountered: