Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   23457 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SANDBOX_INIT(3)		 BSD Library Functions Manual	       SANDBOX_INIT(3)

NAME
     sandbox_init, sandbox_free_error — set process sandbox (DEPRECATED)

SYNOPSIS
     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION
     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.
     Developers who wish to sandbox an app should instead adopt the App Sand‐
     box feature described in the App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7).
     The NUL-terminated string profile specifies the profile to be used to
     configure the sandbox.  The flags specified are formed by or'ing the fol‐
     lowing values:

     SANDBOX_NAMED	     The profile argument specifies a sandbox profile
			     named by one of the constants given in the
			     AVAILABLE PROFILES section below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES
     Upon successful completion of sandbox_init(), a value of 0 is returned
     and *errorbuf is set to NULL.  In the event of an error, a value of -1 is
     returned and *errorbuf is set to a pointer to a NUL-terminated string
     describing the error.  This string may contain embedded newlines.	This
     error information is suitable for developers and is not intended for end
     users.  This pointer should be passed to sandbox_free_error(3) to release
     the allocated storage when it is no longer needed.

AVAILABLE PROFILES
     The following are brief descriptions of each available profile.  Keep in
     mind that sandbox(7) restrictions are typically enforced at resource
     acquisition time.

     kSBXProfileNoInternet		TCP/IP networking is prohibited.

     kSBXProfileNoNetwork		All sockets-based networking is pro‐
					hibited.

     kSBXProfileNoWrite			File system writes are prohibited.

     kSBXProfileNoWriteExceptTemporary	File system writes are restricted to
					the temporary folder /var/tmp and the
					folder specified by the confstr(3)
					configuration variable _CS_DAR‐
					WIN_USER_TEMP_DIR.

     kSBXProfilePureComputation		All operating system services are pro‐
					hibited.

SEE ALSO
     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X		       November 15, 2011		      Mac OS X

Vote for polarhome