alt Hacker NewsSBPL (sandbox profile language) is interesting. Some details here: https://github.com/0xbf00/simbple
I'm curious if there's a Scheme interpreter somewhere as part of macos that consumes these?
PS looks like it's "sandbox-exec" that does this. Ref: https://reverse.put.as/wp-content/uploads/2011/09/Apple-Sand...
I first learned about it from iTerm2's build process: https://github.com/gnachman/iTerm2/blob/v3.5.6/Makefile#L170 and https://github.com/gnachman/iTerm2/blob/v3.5.6/deps.sb