|
|
|
|
|
|
by comex
2181 days ago
|
|
|
It works, but you have to supply your own sandbox profile (list of allowed/denied operations) and it won’t create a virtual home directory for you like App Sandbox does. I’m not sure whether there’s an easy way to forcibly enable App Sandbox, but one possibility is to compile your own sandboxed app that simply execs the untrusted one. (Sandboxes are inherited by child processes, as they must be for security.) |
|
|