SANDBOX(7) BSD Miscellaneous Information Manual SANDBOX(7)
NAME
sandbox -- overview of the sandbox facility
SYNOPSIS
#include <sandbox.h>
DESCRIPTION
The sandbox facility allows applications to voluntarily restrict their access to operating system resources. This safety mechanism is
intended to limit potential damage in the event that a vulnerability is exploited. It is not a replacement for other operating system access
controls.
New processes inherit the sandbox of their parent. Restrictions are generally enforced upon acquisition of operating system resources only.
For example, if file system writes are restricted, an application will not be able to open(2) a file for writing. However, if the
application already has a file descriptor opened for writing, it may use that file descriptor regardless of restrictions.
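The behaviour described above, shown as an added example that is not part of the man page: the program opens a file for writing, enters the sandbox with sandbox_init(3) and the named profile kSBXProfileNoWrite, then compares a write on the existing descriptor with a fresh open(2). The sandbox calls build only on macOS; the scratch path, flag names and function name are made up for the illustration.

```c
/* Added example, not from the man page. macOS only: sandbox_init(3) and
 * kSBXProfileNoWrite come from <sandbox.h>; DEMO_PATH is a made-up path. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif

#define DEMO_PATH "/tmp/sandbox7_demo.txt"

/* Bit flags reporting what the demo observed (names are hypothetical). */
enum { OLD_FD_WRITABLE = 1, NEW_OPEN_DENIED = 2, NO_SANDBOX_API = 4 };
int sandbox_acquisition_demo(void)
{
#ifdef __APPLE__
    int result = 0;
    char *err = NULL;
    /* Acquire a writable descriptor BEFORE entering the sandbox. */
    int early = open(DEMO_PATH, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (early < 0)
        return -1;

    /* Voluntarily give up all file system write access. */
    if (sandbox_init(kSBXProfileNoWrite, SANDBOX_NAMED, &err) != 0) {
        fprintf(stderr, "sandbox_init: %s\n", err ? err : "unknown");
        sandbox_free_error(err);
        close(early);
        return -1;
    }

    /* The descriptor acquired earlier is still usable... */
    if (write(early, "late write\n", 11) == 11)
        result |= OLD_FD_WRITABLE;

    /* ...but a new open(2) for writing is refused. */
    int late = open(DEMO_PATH, O_WRONLY);
    if (late < 0)
        result |= NEW_OPEN_DENIED;
    else
        close(late);
    close(early);
    return result;
#else
    return NO_SANDBOX_API; /* <sandbox.h> is not available here */
#endif
}

int main(void) { printf("flags: %d\n", sandbox_acquisition_demo()); return 0; }
```

Because descriptors acquired before the sandbox is entered stay usable, close any the process no longer needs before calling sandbox_init(3).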
SEE ALSO
sandbox-exec(1), sandbox_init(3), sandboxd(8)

Mac OS X January 29, 2010 Mac OS X
rpcsvchost(8) BSD System Manager's Manual rpcsvchost(8)
NAME
rpcsvchost -- hosting environment for DCE/RPC services
SYNOPSIS
rpcsvchost [options] service [service ...]
DESCRIPTION
rpcsvchost is a very simple environment for hosting DCE/RPC services. It loads DCE/RPC services from the list of plugins given as arguments,
binds to an appropriate set of endpoints and listens for protocol requests.
If service is not a relative file name, it is assumed to be the name of a dylib located in /usr/lib/rpcsvc.
OPTIONS
-debug, -nodebug
rpcsvchost will log debug information and may perform extra diagnostic checks. This option is typically only useful for debugging.
-endpoints BINDING [,BINDING]
This argument specifies additional endpoints that rpcsvchost should attempt to bind. BINDING must be a comma-separated list of
DCE/RPC binding strings that include both the protocol sequence and endpoint fields.
-help Prints a usage message and exits.
-launchd, -nolaunchd
Normally, rpcsvchost attempts to bind all the well-known endpoints specified by the service plugins. If there are no well-known
endpoints, it will bind new endpoints on all supported protocol sequences. The -launchd option disables this behavior and causes
rpcsvchost to check in with launchd(8) to obtain a set of sockets to bind as protocol endpoints.
Launchd sockets vended to rpcsvchost must be named with the appropriate DCE/RPC protocol sequence (e.g. "ncacn_np").
-sandbox, -nosandbox
When this option is specified, the modules loaded by rpcsvchost will be run in a sandbox. rpcsvchost will attempt to initialize the
sandbox using the sandbox profile with the name com.apple.<module-name>.sb. See sandbox(7) for an overview of the sandbox facility.
-register, -noregister
When this option is specified, rpcsvchost attempts to register the loaded services with the DCE/RPC endpoint mapper.
-stdout Causes rpcsvchost to print log messages to standard output instead of the system log.
-wait-for-debugger
Causes rpcsvchost to wait for a debugger to attach after it has loaded and initialized its plugins. This is useful for debugging
instances of rpcsvchost that are launched by launchd(8).
DIAGNOSTICS
The rpcsvchost utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
launchd.plist(5), launchd(8), sandbox(7)
HISTORY
The rpcsvchost utility first appeared in Mac OS 10.7.
Darwin June 1, 2019 Darwin