A sandboxing tool for macOS (sandbox-exec) and GNU/Linux (Bubblewrap).
Restricts:
- Filesystem. The heart of every sandboxing solution.
- Network. Forces outbound connections through a SOCKS or HTTP proxy, which enables fine-grained control.
- Commands. Not sure how this works; regardless, I am skeptical of this one. After all, what does it help to catch a shell command when the sandboxed application can just implement the same behavior directly?
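To make the filesystem and network restrictions concrete, here is an added example of how the same two restrictions look when written directly against Bubblewrap. This is my own illustration, not code from the tool described above. It assumes bwrap is installed, that a SOCKS proxy on the host listens on a Unix socket (path supplied by the caller), and that the sandboxed program is configured to speak SOCKS over that socket; the SANDBOX_PROXY_SOCK variable is a hypothetical hint, the actual enforcement is the empty network namespace.

```bash
#!/usr/bin/env bash
# Added example, not the page's tool: a Bubblewrap wrapper for the two
# restrictions that matter here.
#   Filesystem: host mounted read-only, $HOME not mounted at all, exactly one
#               writable work directory.
#   Network:    the sandbox gets its own empty network namespace
#               (--unshare-all), so the only way out is a host-side SOCKS proxy
#               whose Unix socket is bind-mounted inside.
# Assumptions: bwrap is installed; a SOCKS proxy listens on the host socket
# given as $2; the program speaks SOCKS over that socket. SANDBOX_PROXY_SOCK
# is a hypothetical hint only; the namespace does the enforcing.

# Print one bwrap argument per line. Fails if the work dir or socket is absent.
build_bwrap_args() {
  local workdir=$1 proxy_sock=$2 sandbox_sock=${3:-/run/proxy.sock}
  [ -d "$workdir" ] || { echo "work dir does not exist: $workdir" >&2; return 1; }
  # -e rather than -S so a placeholder file passes during testing;
  # use -S in production to insist on a real socket.
  [ -e "$proxy_sock" ] || { echo "proxy socket does not exist: $proxy_sock" >&2; return 1; }
  local -a args=(
    # binaries and libraries, read-only
    --ro-bind /usr /usr
    --symlink usr/lib /lib --symlink usr/lib64 /lib64
    --symlink usr/bin /bin --symlink usr/sbin /sbin
    # resolver config, CA certs, ld.so cache: visible but read-only
    --ro-bind /etc /etc
    # minimal /dev, a fresh /proc, and a private /tmp discarded on exit
    --dev /dev --proc /proc --tmpfs /tmp
    # the only writable host directory; note that $HOME is never mounted
    --bind "$workdir" "$workdir"
    # a socket file can be bind-mounted like any other file
    --dir /run
    --bind "$proxy_sock" "$sandbox_sock"
    # new user, pid, ipc, uts, cgroup and network namespaces
    --unshare-all
    # no orphaned children; no controlling tty, so no TIOCSTI injection
    --die-with-parent --new-session
    # hypothetical hint for the sandboxed program (assumption, see above)
    --setenv SANDBOX_PROXY_SOCK "$sandbox_sock"
    --chdir "$workdir"
  )
  printf '%s\n' "${args[@]}"
}

# Usage: run_sandboxed WORKDIR PROXY_SOCK -- COMMAND [ARGS...]
run_sandboxed() {
  local workdir=$1 proxy_sock=$2
  shift 2
  [ "$1" = "--" ] && shift
  local args_text
  args_text=$(build_bwrap_args "$workdir" "$proxy_sock") || return 1
  local -a args
  mapfile -t args <<<"$args_text"
  exec bwrap "${args[@]}" -- "$@"
}
```

Because every outbound connection has to traverse the proxy, the proxy is where policy lives: an allowlist of destinations there is what turns "no network" into "fine-grained control". A program that cannot speak SOCKS over a Unix socket needs a small forwarder inside the sandbox (for example socat listening on localhost and relaying to the socket), which keeps the namespace boundary intact.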
I like the network part. In fact I explored the possibility of this kind of sandboxing combined with HTTP proxying just a week ago; Claude also suggested using Bubblewrap, which matches. I did not think of SOCKS proxying for non-HTTP connections, so I'm glad I found this.
That said, I think the HTTP proxying part here falls a bit short of my ideal solution, which would try harder to prevent data extrusion.