Exploring macOS's sandbox-exec for Secure Application Execution

sandbox-exec is a command-line utility built into macOS, designed to execute applications within a sandboxed environment. This tool helps in creating a secure, restricted space where applications can run with limited access to system resources, thereby minimizing the risks from malicious code or unintended behavior.
Key Details
Application sandboxing with sandbox-exec is aimed at protecting against malicious code, limiting damage from compromised applications, and enhancing privacy and resource control. To use sandbox-exec, you need a sandbox profile, which is a configuration file that outlines the rules for the secure environment. The basic command syntax is:
```
sandbox-exec -f profile.sb command_to_run
```

Here, profile.sb specifies the rules, and command_to_run is the application to be executed within these constraints.
Sandbox profiles are written using a Scheme-like syntax and include version declarations, default policies, and specific rules. There are two fundamental approaches to setting up these profiles:
- Deny by Default: Restricts all operations initially and allows only necessary ones. Example:

```
(version 1)
(deny default)
(allow file-read-data (regex "^/usr/lib"))
(allow process-exec (literal "/usr/bin/python3"))
```

- Allow by Default: Permits all except specific operations. Example:

```
(version 1)
(allow default)
(deny network*)
(deny file-write* (regex "^/Users"))
```

For practical use, you might set up a sandbox terminal session with no network access:

```
;; terminal-sandbox.sb
(version 1)
(allow default)
(deny network*)
(deny file-read-data (regex "/Users/[^/]+/(Documents|Pictures|Desktop)"))
```

Run it using:

```
sandbox-exec -f terminal-sandbox.sb zsh
```

Additionally, macOS provides pre-built profiles in /System/Library/Sandbox/Profiles for common restriction scenarios, such as the no-network profile.
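A small profile linter, added here as an illustration (not code from the original article or from Apple): it parses the Scheme-like profile syntax, reports the default policy and the operations a profile allows or denies, and rejects a profile with unbalanced parentheses before it is handed to sandbox-exec. The function names and the sample profiles are constructed for this example; the first two mirror the deny-by-default and allow-by-default approaches described above.

```python
import re

# Profile tokens: ';' comments, parentheses, double-quoted strings, bare atoms.
TOKEN = re.compile(r';[^\n]*|\(|\)|"(?:\\.|[^"\\])*"|[^\s()";]+')

def parse_profile(text):
    """Parse profile text into nested lists; ValueError on unbalanced parens."""
    top, stack = [], []
    cur = top
    for tok in (m.group() for m in TOKEN.finditer(text)):
        if tok.startswith(";"):
            continue                      # comment, ignore
        if tok == "(":
            stack.append(cur)             # remember the enclosing form
            cur.append([])
            cur = cur[-1]
        elif tok == ")":
            if not stack:
                raise ValueError("unexpected ')'")
            cur = stack.pop()
        else:
            cur.append(tok)
    if stack:
        raise ValueError(f"{len(stack)} unclosed '('")
    return top

def audit(text):
    """Summarise version, default policy and the operations allowed/denied."""
    report = {"version": None, "default": None, "allow": [], "deny": []}
    for form in parse_profile(text):
        if not isinstance(form, list) or len(form) < 2:
            continue
        head, first = form[0], form[1]
        if head == "version":
            report["version"] = first
        elif head in ("allow", "deny"):
            if first == "default":
                report["default"] = head
            else:
                report[head].append(first)
    return report

# Constructed samples mirroring the two approaches described above.
DENY_DEFAULT = '(version 1) (deny default) (allow file-read-data (regex "^/usr/lib")) (allow process-exec (literal "/usr/bin/python3"))'
ALLOW_DEFAULT = '(version 1) (allow default) (deny network*) (deny file-write* (regex "^/Users"))'
# Constructed broken profile: the (deny ...) form is never closed.
BROKEN = '(version 1) (allow default) (deny file-read-data (regex "/Users/[^/]+/Documents")'

if __name__ == "__main__":
    for name in ("DENY_DEFAULT", "ALLOW_DEFAULT"):
        print(name, audit(globals()[name]))
```

A profile whose default is `allow` deserves a closer read of its deny list, since anything not named there stays permitted.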
Who It's For
This tool is ideal for developers and security professionals who need to test applications in a controlled environment or impose strict security policies.
📖 Read the full source: HN LLM Tools