sandbox(7)           BSD Miscellaneous Information Manual           sandbox(7)


NAME
     sandbox -- overview of the sandbox facility


SYNOPSIS
     #include <sandbox.h>


DESCRIPTION
     The sandbox facility allows applications to voluntarily restrict their
     access to operating system resources.  This safety mechanism is intended
     to limit potential damage in the event that a vulnerability is exploited.
     It is not a replacement for other operating system access controls.

     New processes inherit the sandbox of their parent.  Restrictions are
     generally enforced upon acquisition of operating system resources only.
     For example, if file system writes are restricted, an application will
     not be able to open(2) a file for writing.  However, if the application
     already has a file descriptor opened for writing, it may use that file
     descriptor regardless of restrictions.
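
     The acquisition-time rule described above, as an added example that is
     not part of the original manual page. It assumes the sandbox_init(3)
     interface (kSBXProfileNoWrite, SANDBOX_NAMED, sandbox_free_error) as
     documented in that page; sandbox_fd_demo, the two flag macros and the
     scratch path are hypothetical names chosen here.

```c
/* Added example: sandbox restrictions are checked when a resource is
 * acquired, not when an already-open descriptor is used. Mac OS X only. */
#include <fcntl.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif

#define FD_STILL_WRITABLE 1  /* write(2) on the pre-sandbox fd succeeded */
#define NEW_OPEN_DENIED   2  /* open(2) for writing failed after sandbox_init */

/* Returns a bitmask of the flags above, or -1 if the demo could not run
 * (non-Mac OS X build, setup failure, or sandbox_init failure).
 * `path` is a scratch file chosen by the caller (assumption of this example). */
int sandbox_fd_demo(const char *path)
{
#ifdef __APPLE__
    int result = 0;
    char *err = NULL;

    /* Acquire the descriptor BEFORE entering the sandbox. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;

    /* Voluntarily give up file system write access for this process. */
    if (sandbox_init(kSBXProfileNoWrite, SANDBOX_NAMED, &err) != 0) {
        sandbox_free_error(err);
        close(fd);
        return -1;
    }

    /* Use of the existing descriptor is not re-checked. */
    if (write(fd, "still writable\n", 15) == 15)
        result |= FD_STILL_WRITABLE;

    /* Acquiring a new writable descriptor is checked and denied. */
    int fd2 = open(path, O_WRONLY | O_APPEND);
    if (fd2 < 0)
        result |= NEW_OPEN_DENIED;
    else
        close(fd2);
    close(fd);
    return result;
#else
    (void)path;
    return -1;  /* the sandbox facility is specific to Mac OS X */
#endif
}
```

     For a process that sandboxes itself, this means every writable
     descriptor it should not keep must be closed before sandbox_init(3) is
     called, since descriptors opened earlier remain usable afterwards.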


SEE ALSO
     sandbox-exec(1), sandbox_init(3), sandboxd(8)

Mac OS X                       January 29, 2010                       Mac OS X

Mac OS X 10.7 - Generated Thu Aug 25 08:59:25 CDT 2011