osx man page for sandbox_init

Osx Man Pages All Man Pages Latest Topics Forum Categories

Query: sandbox_init

OS: osx

Section: 3

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

SANDBOX_INIT(3) 					   BSD Library Functions Manual 					   SANDBOX_INIT(3)


NAME

     sandbox_init, sandbox_free_error -- set process sandbox (DEPRECATED)


SYNOPSIS

     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);


DESCRIPTION

     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.  Developers who wish to sandbox an app should instead adopt the App
     Sandbox feature described in the App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7). The NUL-terminated string profile specifies the profile to be used
     to configure the sandbox.	The flags specified are formed by or'ing the following values:

     SANDBOX_NAMED	     The profile argument specifies a sandbox profile named by one of the constants given in the AVAILABLE PROFILES sec-
			     tion below.

     The out parameter *errorbuf will be set according to the error status.


RETURN VALUES

     Upon successful completion of sandbox_init(), a value of 0 is returned and *errorbuf is set to NULL.  In the event of an error, a value of -1
     is returned and *errorbuf is set to a pointer to a NUL-terminated string describing the error.  This string may contain embedded newlines.
     This error information is suitable for developers and is not intended for end users.  This pointer should be passed to sandbox_free_error(3)
     to release the allocated storage when it is no longer needed.


AVAILABLE PROFILES

     The following are brief descriptions of each available profile.  Keep in mind that sandbox(7) restrictions are typically enforced at resource
     acquisition time.

     kSBXProfileNoInternet		TCP/IP networking is prohibited.

     kSBXProfileNoNetwork		All sockets-based networking is prohibited.

     kSBXProfileNoWrite 		File system writes are prohibited.

     kSBXProfileNoWriteExceptTemporary	File system writes are restricted to the temporary folder /var/tmp and the folder specified by the
					confstr(3) configuration variable _CS_DARWIN_USER_TEMP_DIR.

     kSBXProfilePureComputation 	All operating system services are prohibited.


SEE ALSO

     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X							 November 15, 2011							  Mac OS X
Related Man Pages
sandbox_selinux(8) - centos
sandbox_init(3) - mojave
rpcsvchost(8) - mojave
asctl(1) - osx
rpcsvchost(8) - osx
Similar Topics in the Unix Linux Community
wokstation needs to either webserve or fileshare...
Idiot's Guide to Mac OSX BSD?
User Mode Linux sandbox?
Mac OS X v10.6.3: Display profile reverts from custom to default after updating to Mac OS X v10.6.3
Sandboxes for developers