macOS has a formal sandboxing language; I first learned about it via iTerm2's bu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mdaniel on Feb 8, 2025 \| parent \| context \| favorite \| on: VSCode’s SSH agent is bananas macOS has a formal sandboxing language; I first learned about it via iTerm2's build process: https://gitlab.com/gnachman/iterm2/-/blob/v3.5.12beta2/deps.... consumed by /usr/bin/sandbox-exec https://gitlab.com/gnachman/iterm2/-/blob/v3.5.12beta2/Makef... I haven't tried to use it in anger, but I believe this is the likely starting point https://developer.apple.com/documentation/xcode/configuring-...

dunham on Feb 11, 2025 [–]

I've attempted to use the sandbox-exec utility, but didn't have the stamina to get a working sandbox file written.

In general, I'd like to be able to sandbox more things. I'm using the app store version of slack because slack doesn't really need access to all of my files.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact