sandbox(7) BSD Miscellaneous Information Manual sandbox(7)
NAME
sandbox -- overview of the sandbox facility
SYNOPSIS
#include <sandbox.h>
DESCRIPTION
The sandbox facility allows applications to voluntarily restrict their access to operating system resources. This safety mechanism is intended to limit potential damage in the event that a vulnerability is exploited. It is not a replacement for other operating system access controls.

New processes inherit the sandbox of their parent.

Restrictions are generally enforced upon acquisition of operating system resources only. For example, if file system writes are restricted, an application will not be able to open(2) a file for writing. However, if the application already has a file descriptor opened for writing, it may use that file descriptor regardless of restrictions.
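The two properties the description states (enforcement at acquisition time, and inheritance by child processes) can be observed directly with sandbox_init(3). The program below is an added example and is not part of the sandbox(7) man page or Apple's code: it opens a temporary file for writing, enters the built-in no-write profile (kSBXProfileNoWrite with SANDBOX_NAMED, both real but deprecated names from <sandbox.h>), then checks that the pre-existing descriptor still accepts writes, that a fresh open(2) for writing is refused, and that a forked child is refused too. The temp paths under /tmp are constructed for the demo. Because sandbox.h exists only on macOS, the demo function returns -1 (DEMO_UNSUPPORTED) when built anywhere else.

```c
/* Added example for sandbox(7): not from the man page or from Apple.
 * Shows acquisition-time enforcement and inheritance of the no-write sandbox.
 * macOS only; elsewhere no_write_sandbox_demo() returns DEMO_UNSUPPORTED. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __APPLE__
#include <sandbox.h>   /* sandbox_init(3), kSBXProfileNoWrite, SANDBOX_NAMED */
#endif

enum {
    DEMO_UNSUPPORTED     = -1, /* not macOS: the facility is absent */
    DEMO_OLD_FD_OK       = 1,  /* descriptor opened before the sandbox still writable */
    DEMO_NEW_OPEN_DENIED = 2,  /* open(2) for writing refused after sandbox_init */
    DEMO_CHILD_INHERITS  = 4   /* forked child is refused as well */
};

/* Try to create/open `path` for writing.
 * Returns 1 if the kernel refused with EPERM/EACCES (what the sandbox reports),
 * 0 if the open succeeded (the file is then removed) or failed for another reason. */
int write_open_denied(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) {
        close(fd);
        unlink(path);
        return 0;
    }
    return (errno == EPERM || errno == EACCES) ? 1 : 0;
}

/* Returns a bitmask of the DEMO_* observations, or a negative code on setup failure. */
int no_write_sandbox_demo(void)
{
#ifndef __APPLE__
    return DEMO_UNSUPPORTED;
#else
    int result = 0;
    char keep[] = "/tmp/sandbox7-demo.XXXXXX";        /* constructed temp path */
    const char *later = "/tmp/sandbox7-demo-later.txt"; /* constructed temp path */

    /* Acquire a writable descriptor BEFORE entering the sandbox. */
    int fd = mkstemp(keep);
    if (fd < 0)
        return -2;
    unlink(keep); /* unlink now; the file lives on through fd, and unlink is denied later */

    char *err = NULL;
    if (sandbox_init(kSBXProfileNoWrite, SANDBOX_NAMED, &err) != 0) {
        fprintf(stderr, "sandbox_init: %s\n", err ? err : "unknown error");
        sandbox_free_error(err);
        close(fd);
        return -3;
    }

    /* 1. The descriptor acquired earlier keeps working: restrictions are not retroactive. */
    if (write(fd, "still writable\n", 15) == 15)
        result |= DEMO_OLD_FD_OK;
    close(fd);

    /* 2. Acquiring a new write-capable resource is refused. */
    if (write_open_denied(later))
        result |= DEMO_NEW_OPEN_DENIED;

    /* 3. A child process inherits the parent's sandbox. */
    pid_t pid = fork();
    if (pid == 0)
        _exit(write_open_denied(later) ? 0 : 1);
    if (pid > 0) {
        int status = 0;
        if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0)
            result |= DEMO_CHILD_INHERITS;
    }
    return result;
#endif
}

int main(void)
{
    int r = no_write_sandbox_demo();
    if (r == DEMO_UNSUPPORTED) {
        puts("sandbox(7) is macOS-specific; nothing to demonstrate on this system");
        return 0;
    }
    if (r < 0) {
        printf("setup failed (%d)\n", r);
        return 1;
    }
    printf("pre-opened fd still writable : %s\n", (r & DEMO_OLD_FD_OK) ? "yes" : "no");
    printf("new open for write denied    : %s\n", (r & DEMO_NEW_OPEN_DENIED) ? "yes" : "no");
    printf("child inherits restriction   : %s\n", (r & DEMO_CHILD_INHERITS) ? "yes" : "no");
    return (r == (DEMO_OLD_FD_OK | DEMO_NEW_OPEN_DENIED | DEMO_CHILD_INHERITS)) ? 0 : 1;
}
```

Build with `cc -o sandbox7-demo sandbox7-demo.c` on macOS (expect deprecation warnings for sandbox_init; the call still works) and run it once per process: sandbox_init applies to the calling process for its lifetime and cannot be undone, which is exactly why the program acquires the descriptor first.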
SEE ALSO
sandbox-exec(1), sandbox_init(3), sandboxd(8)
Mac OS X January 29, 2010 Mac OS X
Mac OS X 10.7 - Generated Thu Aug 25 08:59:25 CDT 2011