Do any of the third-party package managers (Brew, MacPorts) perhaps use this for things like builds (or even installs, if things are restricted to (e.g.) /opt)?
Homebrew uses sandbox-exec during builds and installs, yeah. To my memory we’ve used it for at least 6 or 7 years, probably longer.
I’ve written a personal system in Common Lisp for building third-party software on macOS (coincidentally somewhat similar to Guix), and I use sandbox-exec to isolate execution so that only intended requisites affect the build process and so that installation is strictly confined to the configured destination directory, no scribbling outside the lines.
I think Bazel uses sandbox-exec on macOS.
Nix uses the underlying libsandbox function for builds: https://github.com/NixOS/nix/blob/614072adcb56202f0a09532971...