Legend: ✅ supported; ✔️ supported with caveats (see notes); ❌ not available.

| Feature | Platform | Status | Mechanism | Notes |
|---|---|---|---|---|
| Filesystem (mapping paths read/write) | Linux | ✅ | bind mounts, `pivot_root` | |
| | macOS (sandboxd) | ✔️ | sandboxfs and chroot; `file-read*`, `file-read-data`, `file-write*`, `file-write-data`, `file-write-mount`, `file-write-unmount` | Requires OSXFUSE to be installed separately. The directory tree is visible outside the sandbox because macOS has no equivalent of `pivot_root`. Device files are not properly supported on sandboxfs; see bazelbuild/sandboxfs#87. |
| Filesystem (metadata read/write, e.g. `ls`) | Linux | TODO: RESEARCH | | |
| | macOS (sandboxd) | ✅ | `file-read-metadata`, `file-write-owner`, `file-write-setugid`, `file-write-times` | |
| Filesystem (extended attributes read/write) | Linux | ✅ | TODO: RESEARCH | |
| | macOS (sandboxd) | ✅ | `file-read-xattr`, `file-write-xattr` | sandboxfs 2.0 supports extended attributes. |
| Filesystem (allow/deny chroot) | Linux | ✅ | seccomp | |
| | macOS (sandboxd) | ✅ | `file-chroot` | |
| Filesystem (procfs) | Linux | ✅ | procfs mounts | |
| | macOS (sandboxd) | ❌ | | procfs does not exist on macOS, so this is not applicable. |
| Filesystem (tmpfs) | Linux | ✅ | tmpfs mounts | |
| | macOS (sandboxd) | ✔️ | ramdisks, real directories | There is no tmpfs implementation for OSXFUSE. HFS+ ramdisks are available, but they cannot swap to disk. A tmpfs can be emulated with one global temp dir for the current session, using sandboxfs to map a subdirectory of it to each location where a tmpfs is requested; unlike a real tmpfs this has noticeable performance overhead, and the directory tree is visible outside the sandbox. The global temp dir can be set in the sandbox profile with `(define TMPDIR (literal "/path/to/tmpdir"))`. |
| Network (destination, protocol, port filtering) | Linux | ✔️ | `CLONE_NEWNET`, netlink | Trivial to set up block-all, local-only, and allow-all. Fine-grained protocol and port filtering is harder; see flatpak/flatpak#1202. |
| | macOS (sandboxd) | ✅ | `network*`, `network-bind`, `network-inbound`, `network-outbound`, `system-socket` | No filtering by IP address: the host part of a network filter only accepts `localhost` or `*` (a port can still be given). |
| Network (hiding host interfaces) | Linux | ✅ | `CLONE_NEWNET`, netlink, seccomp | |
| | macOS (sandboxd) | ❌ | | Host network interfaces cannot be hidden on macOS because there is no network namespacing; the sandbox inherits the host's network configuration. |
| IPC (allow/deny UNIX sockets) | Linux | ✔️ | `CLONE_NEWNET`, netlink | A network namespace alone cannot tell TCP and UNIX sockets apart: you can only block or allow all access to existing sockets, or all creation of new sockets. (A seccomp filter on the domain argument of `socket(2)` can distinguish `AF_UNIX` from `AF_INET` at creation time, but it cannot inspect the path passed to `connect(2)`, since seccomp cannot dereference pointer arguments.) |
| | macOS (sandboxd) | ✔️ | `system-socket`; `network*` with `(remote unix (path-literal PATH))` | No way to differentiate between TCP and UNIX sockets at creation time: you can only block or allow all creation of new sockets. Access to external UNIX sockets can, however, be whitelisted by path. |
| IPC (allow/deny SysV IPC, semaphores, Mach ports, etc.) | Linux | ✅ | `CLONE_NEWIPC`, seccomp | |
| | macOS (sandboxd) | ✔️ | `ipc*`, `ipc-posix*`, `ipc-posix-sem`, `ipc-posix-shm`, `ipc-sysv*`, `ipc-sysv-msg`, `ipc-sysv-sem`, `ipc-sysv-shm`, `mach-bootstrap` (?), `mach-lookup` | No way to restrict IPC to processes inside the sandbox, because there is no IPC namespacing: once an IPC class is allowed, endpoints outside the sandbox are visible as well. (`mach-lookup` can at least be narrowed to specific services with a `global-name` filter.) |
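Two Linux rows in the table lean on seccomp: denying chroot, and the UNIX-versus-TCP socket distinction that a network namespace alone cannot make. The filter below is an added example, not code from this page or from any project it describes. It assumes Linux on x86-64 (the `AUDIT_ARCH_X86_64` check and the little-endian layout of `seccomp_data.args`); `run_filter` is a hypothetical mini-interpreter for only the BPF instruction forms the filter uses, so the policy can be exercised against synthetic `seccomp_data` before it is installed for real.

```c
/* Added example, not from the page or any project it describes: a seccomp-BPF
 * filter that refuses chroot(2) with EPERM and allows socket(2) only for
 * AF_UNIX, so TCP sockets cannot be created while UNIX sockets can. Assumes
 * Linux on x86-64 (AUDIT_ARCH_X86_64, little-endian seccomp_data.args).
 * run_filter() is a hypothetical mini-interpreter for just the instruction
 * forms used here, so the policy can be exercised without installing it. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifndef SECCOMP_RET_KILL_PROCESS /* pre-4.14 headers only have SECCOMP_RET_KILL */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
#define X32_SYSCALL_BIT 0x40000000u /* x32 ABI syscall numbers carry this bit */
#define ARG_LO(i) ((uint32_t)(offsetof(struct seccomp_data, args) + 8 * (i)))
#define ARG_HI(i) (ARG_LO(i) + 4)

static const struct sock_filter filter[] = {
    /* 0-2: native x86-64 ABI only; kill on anything else */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 3-5: x32 calls report the same arch value; reject them by number */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_SYSCALL_BIT, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 6-7: chroot -> EPERM */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_chroot, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    /* 8-9: everything except socket is allowed */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    /* 10-12: args[0] is 64 bits wide; its upper half must be zero */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_HI(0)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EAFNOSUPPORT),
    /* 13-16: domain AF_UNIX allowed, any other family refused */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(0)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EAFNOSUPPORT),
};
#define FILTER_LEN (sizeof filter / sizeof filter[0])

/* Evaluate a filter against synthetic seccomp_data. Handles only the
 * LD|W|ABS, JMP|JEQ|K, JMP|JGE|K and RET|K forms used above. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
                           const struct seccomp_data *data)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k + sizeof acc > sizeof *data)
                return SECCOMP_RET_KILL_PROCESS; /* out-of-bounds load */
            memcpy(&acc, (const char *)data + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_JMP | BPF_JGE | BPF_K:
            pc += (acc >= in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS; /* unsupported opcode */
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* ran off the end */
}

/* Policy decision for one syscall number and its first argument. */
uint32_t decide(int nr, uint64_t arg0)
{
    struct seccomp_data d = { .nr = nr, .arch = AUDIT_ARCH_X86_64, .args = { arg0 } };
    return run_filter(filter, FILTER_LEN, &d);
}

/* Install the filter in the calling process; returns 0 on success. */
int install_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN,
                               .filter = (struct sock_filter *)filter };
    /* Required for unprivileged callers; also blocks setuid escalation. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
}

int main(void)
{
    if (install_filter() != 0) { perror("seccomp"); return 1; }
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    printf("socket(AF_UNIX): %s\n", s >= 0 ? "allowed" : strerror(errno));
    s = socket(AF_INET, SOCK_STREAM, 0);
    printf("socket(AF_INET): %s\n", s >= 0 ? "allowed" : strerror(errno));
    printf("chroot(\"/\"): %s\n", chroot("/") == 0 ? "allowed" : strerror(errno));
    return 0;
}
```

`main` installs the filter and then tries the three operations as an unprivileged user: the `AF_UNIX` socket is created, the `AF_INET` socket fails with `EAFNOSUPPORT`, and `chroot` fails with `EPERM`. The upper-half check on `args[0]` matters because the kernel hands seccomp the full 64-bit register; a filter that compares only the low word can be bypassed by a caller that sets bits above 32. What the filter cannot do is look at the `sockaddr_un` path in a later `connect(2)`, which is why path-based allow-listing of UNIX sockets stays a mount-namespace job on Linux.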
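The macOS column lists operation names without showing how they combine into a profile. The profile below is an added example, not from this page or from any project it describes, that puts the table's operations into one SBPL file for `sandbox-exec`, including the `TMPDIR` definition from the tmpfs row. Every path and service name in it (`/Users/build/work`, `/tmp/sbx-1234`, `/var/run/example.sock`, `com.example.helper`) is an assumption, and the UNIX-socket rule is written with the `remote unix-socket` filter.

```scheme
;; Added example profile, not from the page or any project it describes.
;; Assumed names: /Users/build/work (mapped inputs), /tmp/sbx-1234 (per-session
;; temp dir), /var/run/example.sock (host UNIX socket), com.example.helper
;; (Mach service). Run with: sandbox-exec -f profile.sb <command>
(version 1)
(deny default)

;; tmpfs emulation: one per-session temp dir. (literal ...) matches only that
;; exact path, so the tree underneath is opened with subpath below.
(define TMPDIR (literal "/tmp/sbx-1234"))
(allow file-read-metadata TMPDIR)

;; Filesystem: ls/stat anywhere, read-only inputs, read/write scratch. The
;; tree stays visible to processes outside the sandbox (no pivot_root).
(allow file-read-metadata (subpath "/"))
(allow file-read* (subpath "/Users/build/work"))
(allow file-read* file-write* (subpath "/tmp/sbx-1234"))
;; Explicit for illustration; (deny default) already covers these.
(deny file-chroot)
(deny file-write-mount file-write-unmount)

;; Network: the host part is only "localhost" or "*", but a port can be named.
(allow network-outbound (remote ip "localhost:8080"))
(deny network-bind network-inbound)
;; UNIX sockets cannot be told apart from TCP at creation time, but an
;; existing host socket can be whitelisted by path.
(allow network-outbound (remote unix-socket (path-literal "/var/run/example.sock")))

;; IPC: no namespacing, so anything allowed here is host-visible.
;; mach-lookup can at least be narrowed to named services.
(allow mach-lookup (global-name "com.example.helper"))
(deny ipc-posix* ipc-sysv*)
```

With `(deny default)` a real program also needs the process, sysctl and dyld rules that a full profile gets from `(import "system.sb")`; they are left out here to keep the table's operations in view. The two points the table makes about macOS are visible in the rules themselves: there is no way to express "only sockets or Mach services created inside this sandbox", so every allow names a host-global path or service, and the network filter narrows the port but not the address.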