Summary
sandbox-exec is a built-in macOS command-line utility that enables users to execute applications within a sandboxed environment. In essence, it creates a secure, isolated space where applications can run with limited access to system resources – only accessing what you explicitly permit.
[...]
Using sandbox-exec requires creating a sandbox profile (configuration file) that defines the rules for your secure environment. The basic syntax is:

    sandbox-exec -f profile.sb command_to_run

where profile.sb contains the rules defining what the sandboxed application can and cannot do, and command_to_run is the application you want to run within those constraints.
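
A profile and invocation following the syntax above, as an added example that is not from the original page. The function names, the scratch directory and the allow list (an assumed minimal set for a simple binary such as touch) are illustrative; other programs may need more rules.

```shell
#!/bin/sh
# Added example: constructed profile and paths, not from the original page.

# Write a deny-by-default profile that permits writes only under $1.
# $1 = scratch directory, $2 = profile file to create.
write_profile() {
    # The sandbox matches resolved paths, so expand symlinks first
    # (on macOS /tmp and /var point into /private).
    scratch=$(cd "$1" && pwd -P) || return 1
    cat > "$2" <<EOF
(version 1)
(deny default)                           ; nothing is allowed unless listed below
(allow process-exec)                     ; let the target binary start
(allow process-fork)
(allow sysctl-read)
(allow file-read*)                       ; read-only view of the filesystem
(allow file-write* (subpath "$scratch")) ; writes only inside the scratch dir
EOF
}

# Run a command under the profile: run_sandboxed profile.sb command [args...]
run_sandboxed() {
    profile=$1; shift
    sandbox-exec -f "$profile" "$@"
}

# Demo: one write inside the allowed directory, one outside it.
demo() {
    dir=$(mktemp -d) && dir=$(cd "$dir" && pwd -P) || return 1
    outside=$(mktemp -d) || return 1
    write_profile "$dir" "$dir/profile.sb" || return 1
    run_sandboxed "$dir/profile.sb" /usr/bin/touch "$dir/allowed" \
        && echo "write inside scratch dir: permitted"
    run_sandboxed "$dir/profile.sb" /usr/bin/touch "$outside/denied" \
        || echo "write outside scratch dir: denied"
}

# sandbox-exec exists only on macOS; skip the demo elsewhere.
if command -v sandbox-exec >/dev/null 2>&1; then demo; fi
```

Because the profile starts from (deny default), any operation without a matching allow rule fails inside the sandbox, which is why the second touch is refused.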