NAME
sandbox - overview of the sandbox facility
SYNOPSIS
#include <>
DESCRIPTION
The sandbox facility allows applications to voluntarily restrict their access to operating system resources. This safety mechanism is intended to limit potential damage in the event that a vulnerability is exploited. It is not a replacement for other operating system access controls.

New processes inherit the sandbox of their parent. Restrictions are generally enforced upon acquisition of operating system resources only. For example, if file system writes are restricted, an application will not be able to open(2) a file for writing. However, if the application already has a file descriptor opened for writing, it may use that file descriptor regardless of restrictions.
SEE ALSO
sandbox-exec(1), sandbox_init(3), sandbox-compilerd(8)
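The acquisition-time enforcement described under DESCRIPTION, as an added example that is not part of the original manual page. It assumes sandbox_init(3) with the kSBXProfileNoWrite named profile from <sandbox.h>; sandbox_fd_demo, child_check and the result codes are illustrative names, and on systems without the facility the check reports NOT_RUN.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif

enum { AS_DESCRIBED = 0, UNEXPECTED = 1, NOT_RUN = 2 };

/* Runs in a forked child so the calling process stays unrestricted. */
static int child_check(const char *path) {
#ifdef __APPLE__
    char *err = NULL;
    int fd = open(path, O_WRONLY);   /* descriptor acquired before restricting */
    if (fd < 0) return NOT_RUN;
    if (sandbox_init(kSBXProfileNoWrite, SANDBOX_NAMED, &err) != 0) {
        fprintf(stderr, "sandbox_init: %s\n", err ? err : "unknown error");
        if (err) sandbox_free_error(err);
        return NOT_RUN;
    }
    int old_ok = write(fd, "x", 1) == 1;        /* existing descriptor still usable */
    int new_denied = open(path, O_WRONLY) < 0;  /* new acquisition is refused */
    return (old_ok && new_denied) ? AS_DESCRIBED : UNEXPECTED;
#else
    (void)path;
    return NOT_RUN;  /* assumption: the facility is only present on Mac OS X */
#endif
}

/* Creates a scratch file (constructed sample input) and checks it in a child. */
int sandbox_fd_demo(void) {
    char path[] = "/tmp/sbx_demo_XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0) return NOT_RUN;
    close(tmp);
    pid_t pid = fork();
    if (pid < 0) { unlink(path); return NOT_RUN; }
    if (pid == 0) _exit(child_check(path));
    int status = 0;
    waitpid(pid, &status, 0);
    unlink(path);  /* parent is not sandboxed, so cleanup succeeds */
    return WIFEXITED(status) ? WEXITSTATUS(status) : UNEXPECTED;
}

int main(void) { return sandbox_fd_demo() == UNEXPECTED; }
```

For a privilege-separated design this means descriptors that should not survive the restriction have to be closed before sandbox_init(3) is called, since the sandbox will not revoke them.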
Mac OS X July 7, 2007 Mac OS X