This manual page is for Mac OS X version 10.6


SANDBOX_INIT(3)                         BSD Library Functions Manual                         SANDBOX_INIT(3)

NAME
     sandbox_init, sandbox_free_error -- set process sandbox

SYNOPSIS
     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION
     sandbox_init() places the current process into a sandbox(7).  The NUL-terminated string profile specifies
     the profile to be used to configure the sandbox.  The flags specified are formed by or'ing the
     following values:

     SANDBOX_NAMED           The profile argument specifies a sandbox profile named by one of the constants
                             given in the AVAILABLE PROFILES section below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES
     Upon successful completion of sandbox_init(), a value of 0 is returned and *errorbuf is set to NULL.
     In the event of an error, a value of -1 is returned and *errorbuf is set to a pointer to a NUL-terminated
     string describing the error.  This string may contain embedded newlines.  This error information
     is suitable for developers and is not intended for end users.  This pointer should be passed to
     sandbox_free_error(3) to release the allocated storage when it is no longer needed.

AVAILABLE PROFILES
     The following are brief descriptions of each available profile.  Keep in mind that sandbox(7) restrictions
     are typically enforced at resource acquisition time.

     kSBXProfileNoInternet              TCP/IP networking is prohibited.

     kSBXProfileNoNetwork               All sockets-based networking is prohibited.

     kSBXProfileNoWrite                 File system writes are prohibited.

     kSBXProfileNoWriteExceptTemporary  File system writes are restricted to the temporary folder /var/tmp
                                        and the folder specified by the confstr(3) configuration variable
                                        _CS_DARWIN_USER_TEMP_DIR.

     kSBXProfilePureComputation         All operating system services are prohibited.
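     The following added example (not part of this manual page or of Apple's code) shows the call and cleanup
     contract above with the kSBXProfileNoWrite profile, and illustrates the acquisition-time note: a descriptor
     opened before sandbox_init() keeps working, while an open() for writing afterwards is refused.  The /tmp
     paths are constructed for the demonstration, and the placeholder kSBXProfileNoWrite defined for non-Apple
     builds exists only so the file compiles where <sandbox.h> is absent.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>   /* sandbox_init, sandbox_free_error, kSBXProfile* */
#else
static const char kSBXProfileNoWrite[] = "no-write";  /* placeholder off Mac OS X */
#endif
/* *errorbuf may contain embedded newlines; copy it into out with each
 * newline replaced by "; " so the message fits on one log line. */
void flatten_error(const char *err, char *out, size_t outlen) {
    size_t j = 0;
    for (size_t i = 0; err[i] != '\0' && j + 1 < outlen; i++) {
        if (err[i] != '\n') { out[j++] = err[i]; continue; }
        if (j + 3 > outlen) break;          /* need room for "; " plus NUL */
        out[j++] = ';'; out[j++] = ' ';
    }
    out[j] = '\0';
}

/* Wrapper for sandbox_init(profile, SANDBOX_NAMED, ...): returns 0, or -1 with
 * the flattened error in msg; *errorbuf is always passed to sandbox_free_error(). */
int enter_sandbox(const char *profile, char *msg, size_t msglen) {
#ifdef __APPLE__
    char *err = NULL;
    if (sandbox_init(profile, SANDBOX_NAMED, &err) == 0)
        return 0;
    flatten_error(err ? err : "unknown sandbox error", msg, msglen);
    if (err) sandbox_free_error(err);
#else
    (void)profile; snprintf(msg, msglen, "sandbox_init(3) is unavailable on this platform");
#endif
    return -1;
}

int main(void) {
    char msg[256];
    /* Restrictions are enforced at acquisition time: a descriptor opened before
     * sandbox_init() stays writable, while a new open() for writing is denied. */
    int before = open("/tmp/sandbox_demo.txt", O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (enter_sandbox(kSBXProfileNoWrite, msg, sizeof msg) != 0) {
        fprintf(stderr, "sandbox_init failed: %s\n", msg);
        return 1;
    }
    if (before >= 0 && write(before, "ok\n", 3) == 3)
        puts("descriptor opened before sandbox_init: still writable");
    if (open("/tmp/sandbox_demo2.txt", O_WRONLY | O_CREAT, 0600) < 0)
        perror("open() after sandbox_init");
}
```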

SEE ALSO
     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X                                        July 7, 2007                                        Mac OS X
