Comment by fizlebit
7 hours ago
I do feel like better application sandboxing is needed but so much open source software is built on the Unix abstraction meaning you have to run in a container, but macOS doesn’t have containers as far as I can see, and containers themselves are a bit of a poor abstraction, although maybe the best we can do with Unix at the core. I think something closer to Roblox studio would be cool where when you open an environment stuff just spins up in the background, but there is a good debugger, logging, developer ide, good rendering, eg 3d graphics, separate projects are separate, and when you spin down a game (read app or project) everything spins down.
I don't think it's viable to containerize an IDE. Running user code at full permissions is a core feature for an IDE. The programs that the user develops in an IDE could potentially touch any OS surface. When the user is a developer, you have to trust them.
Though this autorun feature is crazy and should be completely off by default.
It's a good idea so it can't take over your dev machine.
But not sufficient since it'll still F over whatever code you are working on resulting in a backdoored app getting deployed + infected dev scripts etc bringing interesting times to your teammates, downstream open source project users, your api keys and cloud credentials getting compromised etc.
Apple did actually introduce its own container framework in Tahoe, but it’s still early days. https://github.com/apple/container
These are Linux containers in a VM, I’m pretty sure GP is talking about native macOS containers.
Which: They do actually have some container-like sandboxing tech around applications (“iTerm wants to access your downloads folder”).
Yes, afaik macOS apps could theoretically be sandboxed as well (or close to) as iOS apps are. You can find the policies for many first-party apps and daemons in /System/Library/Sandbox/Profiles. But in practice most third-party apps aren't.
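An added illustration, not a comment from this thread: the profiles under /System/Library/Sandbox/Profiles are written in Apple's SBPL, and the same language can be handed to `sandbox-exec` to confine a single dev command to one project tree. The profile below is hypothetical (the PROJECT parameter, the paths and the `npm test` command are assumptions), and is meant to show what such a policy looks like rather than to reproduce any of Apple's own profiles.

```scheme
;; Added example, not from this thread: a minimal SBPL profile for
;; sandbox-exec that confines a build/test command to one project directory.
;; PROJECT is a parameter passed on the command line (assumed path).
(version 1)
(deny default)

;; Pull in Apple's baseline (dyld, system libraries, basic mach services).
(import "system.sb")

;; Let the tool run, fork and exec helpers.
(allow process-fork)
(allow process-exec)

;; Read-only access to the toolchain locations (assumed paths).
(allow file-read*
       (subpath "/usr")
       (subpath "/bin")
       (subpath "/opt/homebrew"))

;; Read/write only inside the project tree and a scratch directory.
(allow file-read* file-write*
       (subpath (param "PROJECT"))
       (subpath "/private/tmp"))

;; Not listed, therefore denied by the default rule above:
;;   - the rest of $HOME (ssh keys, cloud credentials, other checkouts)
;;   - any network access, so a lifecycle-hook payload cannot phone home
;;
;; Run with:
;;   sandbox-exec -D PROJECT="$PWD" -f project.sb npm test
```

`sandbox-exec` is marked deprecated in its man page but still ships with macOS; the denials it produces are visible in the unified log (`log stream --predicate 'sender == "Sandbox"'`), which is a quick way to see what a script tried to reach outside the project tree.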
https://bdash.net.nz/posts/tcc-and-the-platform-sandbox-poli... and https://bdash.net.nz/posts/sandboxing-on-macos/ are good introductory articles.
UTM is free and spins up native macOS VMs. If I absolutely have to write JavaScript that’s where I do it, since Sha1 Hulud.
apple has pretty good containers actually. why do you say they are a poor abstraction?
That's what stuff like XPC and entitlements are for, which naturally programs from UNIX culture background don't care to use.