Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sandbox_init(3) [mojave man page]

SANDBOX_INIT(3) 					   BSD Library Functions Manual 					   SANDBOX_INIT(3)

NAME

     sandbox_init, sandbox_free_error -- set process sandbox (DEPRECATED)

SYNOPSIS

     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION

     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.  Developers who wish to sandbox an app should instead adopt the App
     Sandbox feature described in the App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7). The NUL-terminated string profile specifies the profile to be used
     to configure the sandbox.	The flags specified are formed by or'ing the following values:

     SANDBOX_NAMED	     The profile argument specifies a sandbox profile named by one of the constants given in the AVAILABLE PROFILES sec-
			     tion below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES

     Upon successful completion of sandbox_init(), a value of 0 is returned and *errorbuf is set to NULL.  In the event of an error, a value of -1
     is returned and *errorbuf is set to a pointer to a NUL-terminated string describing the error.  This string may contain embedded newlines.
     This error information is suitable for developers and is not intended for end users.  This pointer should be passed to sandbox_free_error(3)
     to release the allocated storage when it is no longer needed.

AVAILABLE PROFILES

     The following are brief descriptions of each available profile.  Keep in mind that sandbox(7) restrictions are typically enforced at resource
     acquisition time.

     kSBXProfileNoInternet		TCP/IP networking is prohibited.  DEPRECATED.

     kSBXProfileNoNetwork		All sockets-based networking is prohibited.  DEPRECATED.

     kSBXProfileNoWrite 		File system writes are prohibited.  DEPRECATED.

     kSBXProfileNoWriteExceptTemporary	File system writes are restricted to the temporary folder /var/tmp and the folder specified by the
					confstr(3) configuration variable _CS_DARWIN_USER_TEMP_DIR.  DEPRECATED.

     kSBXProfilePureComputation 	All operating system services are prohibited.  DEPRECATED.

SEE ALSO

     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X							   March 9, 2017							  Mac OS X

Check Out this Related Man Page

rpcsvchost(8)						    BSD System Manager's Manual 					     rpcsvchost(8)

NAME

     rpcsvchost -- hosting environment for DCE/RPC services

SYNOPSIS

     rpcsvchost [options] service [service ...]

DESCRIPTION

     rpcsvchost is a very simple environment for hosting DCE/RPC services.  It loads DCE/RPC services from the list of plugins given as arguments,
     binds to an appropriate set of endpoints and listens for protocol requests.

     If service is not a relative file name, it is assumed to be the name of a dylib located in /usr/lib/rpcsvc.

OPTIONS

     -debug, -nodebug
	      rpcsvchost will log debug information and may perform extra diagnostic checks. This option is typically only useful for debugging.

     -endpoints BINDING [,BINDING]
	      This argument specifies additional endpoints that rpcsvchost should attempt to bind.  BINDING must be a comma-separated list of
	      DCE/RPC binding strings that include both the protocol sequence and endpoint fields.

     -help    Prints a usage message and exits.

     -launchd, -nolaunchd
	      Normally, rpcsvchost attempts to bind all the well-known endpoints specified by the service plugins.  If there are no well-known
	      endpoints, it will bind new endpoints on all supported protocol sequences. The -launchd option disables this behavior and causes
	      rpcsvchost to check in with launchd(8) to obtain a set of sockets to bind as protocol endpoints.

	      Launchd sockets vended to rpcsvchost must be named with the appropriate DCE/RPC protocol sequence (eg. "ncacn_np").

     -sandbox, -nosandbox
	      When this option is specified, the modules loaded by rpcsvchost will be run in a sandbox.  rpcsvchost will attempt to intialize the
	      sandbox using the sandbox profile with the name com.apple.<module-name>.sb. See sandbox(7) for an overview of the sandbox facility.

     -register, -noregister
	      When this option is specified, rpcsvchost attempts to register the loaded services with the DCE/RPC endpoint mapper.

     -stdout  Causes rpcsvchost to print log messages to standard output instead of the system log.

     -wait-for-debugger
	      Causes rpcsvchost to wait for a debugger to attach after it has loaded and initialized its plugins. This is useful for debugging
	      instances of rpcsvchost that are launched by launchd(8).

DIAGNOSTICS

     The rpcsvchost utility exits 0 on success, and >0 if an error occurs.

SEE ALSO

     launchd.plist(5), launchd(8), sandbox(7)

HISTORY

     The rpcsvchost utility first appeared in Mac OS 10.7.

Darwin								   June 2, 2019 							    Darwin
Man Page