I'm trying to run a potentially untrusted application without the following permissions, through the sandbox-exec command:
- file write (to avoid corruption/injection of files)
- network (to avoid communicating outside of my network)
- process creation (to avoid forks)
- access to system data (to avoid system corruption)
Let's suppose I need to run my application MyApp.
I know it's possible to create a profile myprofile.sb such as the following one, but I'm not sure everything is included.
```scheme
(version 1)
(allow default)
; bullet point #1 (SBPL comments start with ';', not '#')
(deny file-write*)
(deny file-write-data)
; bullet point #2
(deny network*)
; bullet point #3
(deny process-fork)
(deny job-creation)
(deny process-exec)
; bullet point #4
(deny sysctl-write)
; logging every action possible
(trace "/tmp/myapp_output.sb")
(debug all)
```
At this point, I run the following command to run MyApp safely:
```shell
sandbox-exec -f ./myprofile.sb MyApp
```
If I run sample commands (e.g. ping google.it or touch /tmp/file.txt), the commands are executed correctly. Why? Am I missing something?
Best Answer
I know it's an old question, but maybe someone finds the answer useful.
The trace operation generates rules in the given output file, which means the operations are not denied by the deny rules if the trace operator is in the profile file.
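As an added example (not code from the question or the answer), here is the asker's deny-list profile with the trace and debug operations removed, plus a small lint that refuses to run a profile that still contains them; the profile path and MyApp are assumptions, and sandbox-exec itself only exists on macOS.

```shell
#!/bin/sh
# Write the asker's deny rules without the (trace ...) and (debug ...) lines,
# which the accepted answer identifies as the reason nothing was denied.
write_profile() {                 # $1 = path of the profile to write
    cat > "$1" <<'EOF'
(version 1)
(allow default)
; no file writes (file-write* already covers file-write-data)
(deny file-write*)
; no network access
(deny network*)
; no new processes
(deny process-fork)
(deny process-exec)
(deny job-creation)
; no changes to kernel state
(deny sysctl-write)
EOF
}

# Return 0 when the profile has no trace/debug operation, 1 otherwise.
lint_profile() {                  # $1 = path of the profile to check
    if grep -Eq '^\(trace |^\(debug ' "$1"; then
        echo "profile $1 contains a trace/debug operation; deny rules would not be enforced" >&2
        return 1
    fi
    return 0
}

# Lint first, then run the command under the profile (macOS only).
run_sandboxed() {                 # $1 = profile path, remaining args = command
    prof="$1"; shift
    lint_profile "$prof" || return 1
    sandbox-exec -f "$prof" "$@"
}

# Usage (MyApp is a placeholder for the application under test):
#   write_profile ./myprofile.sb && run_sandboxed ./myprofile.sb MyApp
```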