alt Hacker NewsThese are Linux containers in a VM, I’m pretty sure GP is talking about native macOS containers.
Which: They do actually have some container-like sandboxing tech around applications (“iTerm wants to access your downloads folder”).
These are Linux containers in a VM, I’m pretty sure GP is talking about native macOS containers.
Which: They do actually have some container-like sandboxing tech around applications (“iTerm wants to access your downloads folder”).
Yes, afaik macOS apps could theoretically be sandboxed as well (or close to) as iOS apps are. You can find the policies for many first-party apps and deamons in /System/Library/Sandbox/Profiles. But in practice most third-party apps aren't.
https://bdash.net.nz/posts/tcc-and-the-platform-sandbox-poli... and https://bdash.net.nz/posts/sandboxing-on-macos/ are good introductory articles.