Unix Manual Page for sandbox

Unknown option: "-7" Unix manual page for sandbox. (host=minya system=Darwin)
SANDBOX(7)           BSD Miscellaneous Information Manual           SANDBOX(7)

NAME
     sandbox -- overview of the sandbox facility

SYNOPSIS
     #include <sandbox.h>

DESCRIPTION
     The sandbox facility allows applications to voluntarily restrict their
     access to operating system resources.  This safety mechanism is intended
     to limit potential damage in the event that a vulnerability is exploited.
     It is not a replacement for other operating system access controls.

     New processes inherit the sandbox of their parent.  Restrictions are gen-
     erally enforced upon acquisition of operating system resources only.  For
     example, if file system writes are restricted, an application will not be
     able to open(2) a file for writing.  However, if the application already
     has a file descriptor opened for writing, it may use that file descriptor
     regardless of restrictions.

SEE ALSO
     sandbox-exec(1), sandbox_init(3), sandboxd(8)

Mac OS X                       January 29, 2010                       Mac OS X