undefined | Better HN

0 pointscorv4mo ago0 comments

I happen to use a Mac, even when targeting Linux so I'd have to use a container or VM anyways. It's nice how lightweight bubblewrap would be however.

Consider one wanted to replicate the human-approval workflow that most agent harnesses offer. It's not obvious to me how that could be accomplished by dropping privileges without an escape hatch.

0 comments

kernc4mo ago

It being deprecated and all, didn't feel like wrapping it, but macOS supposedly has a similar `sandbox-exec` command ...

nowahe4mo ago

IIRC from a comment in another thread, it's marked as deprecated to stop people from using it directly and to use the offical macOS tools directly. But it's still used internally by macOS.

And I think that what CC's /sandbox uses on a Mac

j / k navigate · click thread line to collapse

0 comments

kernc4mo ago

It being deprecated and all, didn't feel like wrapping it, but macOS supposedly has a similar `sandbox-exec` command ...

nowahe4mo ago

IIRC from a comment in another thread, it's marked as deprecated to stop people from using it directly and to use the offical macOS tools directly. But it's still used internally by macOS.

And I think that what CC's /sandbox uses on a Mac

j / k navigate · click thread line to collapse