jhammer | 11 years ago

You can execute the process under sandbox-exec to take advantage of OS X kernel-level sandboxing. You'll need to write your own profile file that allows/denies what you want. There are plenty of examples of these .sb profile files under /System/Library. More: https://developer.apple.com/library/mac/documentation/Darwin...
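A sketch of the kind of profile file the comment above describes, added here as an illustration; it is not part of the original comment and not one of Apple's shipped profiles. It starts permissive and then removes network access and disk writes, because a deny-by-default profile needs allowances tuned to each binary. The file name `runner.sb`, the `SCRATCH` parameter and the scratch path are assumptions, as is keeping the script and scratch directory outside /Users.

```scheme
; runner.sb -- constructed example profile for sandbox-exec (names are assumptions)
; Invoke as:
;   sandbox-exec -f runner.sb -D SCRATCH=/private/tmp/runner-scratch /path/to/script
; Use the resolved path: /tmp is a symlink to /private/tmp on OS X, and the
; sandbox matches against the real path.
(version 1)

; Start permissive, then take away what an untrusted script should not have.
; Later rules override earlier ones.
(allow default)

; No network access of any kind, inbound or outbound.
(deny network*)

; No writes anywhere on disk ...
(deny file-write*)
; ... except the per-run scratch directory passed with -D SCRATCH=...,
; and the device nodes that ordinary command-line programs open for writing.
(allow file-write*
    (subpath (param "SCRATCH"))
    (literal "/dev/null")
    (literal "/dev/tty")
    (regex #"^/dev/ttys[0-9]+$"))

; Keep the script out of every user's home directory.
; The script itself must therefore live outside /Users.
(deny file-read* (subpath "/Users"))
```

Output written to an already-open stdout or stderr pipe is unaffected by the write rules, since they apply when a path is opened.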

jparishy|11 years ago

Excellent! Thank you for pointing me to this!

lstamour|11 years ago

Good tip. Another suggestion would be to use chroot :)

That said, the best, most foolproof way of doing this really comes down to using OS X to virtualize OS X.

Or you could try cross-compiling. It seems to work here: https://github.com/swift-x/tools (which looks interesting...)

It's possible that by the end of this week, maybe next, it will be very easy indeed to compile and/or run Swift on Linux from Linux, at which point you could try LXC or a million other ways to virtualize.

LinaLauneBaer|11 years ago

This mechanism has been deprecated by Apple. In the header file they point out that one should use the OS X sandboxing instead which works with plists instead and can be controlled with less flexibility.

jhammer|11 years ago

Calling sandbox_init from inside your app has been deprecated in favor of the App Sandbox mechanism, but I don't see any indication that sandbox-exec is deprecated.

jparishy|11 years ago

Just deployed a new script runner backed by sandbox-exec! Thanks again for the tip!