Is it possible to do something like the concept of sandboxing (like all apps on iOS have its own system software resources) for all existing applications (so – not while designing an own new application) on OSX (Lion/ML/Maverics) just copying required frameworks, libraries, binaries (/usr, /etc, /Library, etc.) and than using chroot for the process when start?
IOS – How to isolate an application from the system (fully sandboxed application)
iosmacossandboxSecurity
Related Question
- MacOS – Issues with /usr/lib/libcups.2.dylib. x86 applications will not execute
- MacOS – safely backup the system by simply tarring things
- macOS – How to Install Linux Applications
- MacOS – How to tell if a MacOS App is notarized or sandboxed
- MacOS – How to see where can a sandboxed Mac application write on the disk
Best Answer
Of course this is possible - iOS sandboxes all applications by default and runs on the same Darwin core as OS X. Apple hasn't chosen to implement this on OS X, so you would have a lot of engineering work to bolt this extra security on top of OS X. In the short run, it might be easier to virtualize the OS if you only need to sandbox one or two applications.