manpagez: man pages & more
man sandbox_init(3)

man pages By Section Choose... 123456789ln Alphabetically Choose... ABCDEFGHIJKLMNOPQRSTUVWXYZOther

Other versions of sandbox_init Choose... osx-10.6osx-10.5osx-10.13.1

Home | html | info | man

sandbox_init(3)          BSD Library Functions Manual          sandbox_init(3)

NAME

     sandbox_init, sandbox_free_error -- set process sandbox (DEPRECATED)

SYNOPSIS

     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION

     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.
     Developers who wish to sandbox an app should instead adopt the App Sand-
     box feature described in the App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7).
     The NUL-terminated string profile specifies the profile to be used to
     configure the sandbox.  The flags specified are formed by or'ing the fol-
     lowing values:

     SANDBOX_NAMED           The profile argument specifies a sandbox profile
                             named by one of the constants given in the
                             AVAILABLE PROFILES section below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES

     Upon successful completion of sandbox_init(), a value of 0 is returned
     and *errorbuf is set to NULL.  In the event of an error, a value of -1 is
     returned and *errorbuf is set to a pointer to a NUL-terminated string
     describing the error.  This string may contain embedded newlines.  This
     error information is suitable for developers and is not intended for end
     users.  This pointer should be passed to sandbox_free_error(3) to release
     the allocated storage when it is no longer needed.

AVAILABLE PROFILES

     The following are brief descriptions of each available profile.  Keep in
     mind that sandbox(7) restrictions are typically enforced at resource
     acquisition time.

     kSBXProfileNoInternet              TCP/IP networking is prohibited.

     kSBXProfileNoNetwork               All sockets-based networking is pro-
                                        hibited.

     kSBXProfileNoWrite                 File system writes are prohibited.

     kSBXProfileNoWriteExceptTemporary  File system writes are restricted to
                                        the temporary folder /var/tmp and the
                                        folder specified by the confstr(3)
                                        configuration variable _CS_DAR-
                                        WIN_USER_TEMP_DIR.

     kSBXProfilePureComputation         All operating system services are pro-
                                        hibited.

SEE ALSO

     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X                       November 15, 2011                      Mac OS X

---

Mac OS X 10.8 - Generated Sat Aug 25 18:42:00 CDT 2012

© manpagez.com 2000-2024
Individual documents may contain additional copyright information.