Comment by simonw
8 months ago
Thanks, I was wrong to say seatbelt had been deprecated, it's just sandbox-exec
This stuff is so frustrating though! If your sandboxing mechanism requires you to be "an expert in macOS internals" it's not going to get used often, and the people who DO use it are liable to make mistakes.
Clear documentation and a great developer experience are, in my opinion, essential for sandboxing mechanisms - and most of them don't have that.
Apple do have those things! People just like bypassing it :) For the AI use case that you're interested in, there are ways to do this that go with Apple's flow, but UNIX hackers tend to be attracted to sandbox-exec because it looks simple even though it's not, and because doing it Apple's way requires learning a lot of Apple specific tech. Whereas the SBPL is deceptively UNIXy and simple looking.
I am very motivated to solve this problem and I have been unable to solve it given Apple's current platform and documentation.
Hm, OK. Is there some reason that dev containers and running agents inside it won't work? I've been looking at AI sandboxing lately and can't quite decide if there's really a problem to solve here, or whether giving the agent a container regardless of platform is what makes the most sense. I guess it depends on whether you're developing apps that can run containerized - most devs do I imagine, but if you're writing mobile or desktop apps then a different strategy would be needed.
2 replies →