← HomeLogin
Sandbox-exec is macOS's little-known command-line sandboxing tool
~dev.toolsmacossandboxes
igorstechnoclub.com May 31, 2026

Summary

sandbox-exec is a built-in macOS command-line utility that enables users to execute applications within a sandboxed environment. In essence, it creates a secure, isolated space where applications can run with limited access to system resources – only accessing what you explicitly permit.

[...]

Using sandbox-exec requires creating a sandbox profile (configuration file) that defines the rules for your secure environment. The basic syntax is:

sandbox-exec -f profile.sb command\_to\_run

Where profile.sb contains the rules defining what the sandboxed application can and cannot do, and command_to_run is the application you want to run within those constraints.