Unix Manual Page for sandbox

Unknown option: "-3" Unix manual page for sandbox_init. (host=minya system=Darwin)
SANDBOX_INIT(3)          BSD Library Functions Manual          SANDBOX_INIT(3)

NAME
     sandbox_init, sandbox_free_error -- set process sandbox (DEPRECATED)

SYNOPSIS
     #include <sandbox.h>

     int
     sandbox_init(const char *profile, uint64_t flags, char **errorbuf);

     void
     sandbox_free_error(char *errorbuf);

DESCRIPTION
     The sandbox_init() and sandbox_free_error() functions are DEPRECATED.
     Developers who wish to sandbox an app should instead adopt the App Sand-
     box feature described in the App Sandbox Design Guide.

     The sandbox_init() function places the current process into a sandbox(7).
     The NUL-terminated string profile specifies the profile to be used to
     configure the sandbox.  The flags specified are formed by or'ing the fol-
     lowing values:

     SANDBOX_NAMED           The profile argument specifies a sandbox profile
                             named by one of the constants given in the
                             AVAILABLE PROFILES section below.

     The out parameter *errorbuf will be set according to the error status.

RETURN VALUES
     Upon successful completion of sandbox_init(), a value of 0 is returned
     and *errorbuf is set to NULL.  In the event of an error, a value of -1 is
     returned and *errorbuf is set to a pointer to a NUL-terminated string
     describing the error.  This string may contain embedded newlines.  This
     error information is suitable for developers and is not intended for end
     users.  This pointer should be passed to sandbox_free_error(3) to release
     the allocated storage when it is no longer needed.

AVAILABLE PROFILES
     The following are brief descriptions of each available profile.  Keep in
     mind that sandbox(7) restrictions are typically enforced at resource
     acquisition time.

     kSBXProfileNoInternet              TCP/IP networking is prohibited.
                                        DEPRECATED.

     kSBXProfileNoNetwork               All sockets-based networking is pro-
                                        hibited.  DEPRECATED.

     kSBXProfileNoWrite                 File system writes are prohibited.
                                        DEPRECATED.

     kSBXProfileNoWriteExceptTemporary  File system writes are restricted to
                                        the temporary folder /var/tmp and the
                                        folder specified by the confstr(3)
                                        configuration variable _CS_DAR-
                                        WIN_USER_TEMP_DIR.  DEPRECATED.

     kSBXProfilePureComputation         All operating system services are pro-
                                        hibited.  DEPRECATED.

SEE ALSO
     sandbox-exec(1), sandbox(7), sandboxd(8)

Mac OS X                         March 9, 2017                        Mac OS X