solarkraft 8 hours ago
These are Linux containers in a VM, I’m pretty sure GP is talking about native macOS containers. Which: They do actually have some container-like sandboxing tech around applications (“iTerm wants to access your downloads folder”).
retsl 4 hours ago
Yes, afaik macOS apps could theoretically be sandboxed as well (or close to) as iOS apps are. You can find the policies for many first-party apps and daemons in /System/Library/Sandbox/Profiles. But in practice most third-party apps aren't. https://bdash.net.nz/posts/tcc-and-the-platform-sandbox-poli... and https://bdash.net.nz/posts/sandboxing-on-macos/ are good introductory articles.