by solarkraft 154 days ago
These are Linux containers in a VM, I’m pretty sure GP is talking about native macOS containers.

Which: They do actually have some container-like sandboxing tech around applications (“iTerm wants to access your downloads folder”).

1 comment

Yes, afaik macOS apps could theoretically be sandboxed as well (or close to) as iOS apps are. You can find the policies for many first-party apps and daemons in /System/Library/Sandbox/Profiles. But in practice most third-party apps aren't.

https://bdash.net.nz/posts/tcc-and-the-platform-sandbox-poli... and https://bdash.net.nz/posts/sandboxing-on-macos/ are good introductory articles.