macOS's Little-Known Command-Line Sandboxing Tool

Mac’s secret “app jail” has fans, hacks… and a deprecation bombshell

TLDR: macOS has a built‑in command that runs apps in a restricted space for safety, but Apple now labels it deprecated and points developers to newer methods. Commenters split between “still handy for testing” and “dead tool walking,” while others share wrappers, UIs, and ask if package managers should adopt it.

Meet sandbox‑exec, the Mac’s quiet “app jail” that lets you run sketchy apps in a locked room. The guide shows how to set strict rules—either block everything, then allow only what you need, or allow most things and block the scary stuff—so you can test safely and keep your files, photos, and network off‑limits. Sounds tidy, right? The comments turned it into a reality show.

One camp is hyped: CGamesPlay drops agent‑safehouse, a wrapper open‑sourced after a previous HN dust‑up. Another reminds everyone this is just one piece of Apple’s bigger security umbrella, linking the official docs. Meanwhile, davidcann flexes a shiny UI to run terminal apps like Claude and Codex via multitui.com, turning command‑line anxiety into one‑click calm. Then the record scratches: someone cites the man page—“sandbox‑exec is DEPRECATED”—and the room splits.

Cue drama: skeptics call it security cosplay; pragmatists say it’s still great for quick tests and belt‑and‑suspenders setups. A thread wonders if Brew or MacPorts should use it for safer builds. Jokes fly about putting apps in “baby jail” and giving malware “Do Not Disturb.” Verdict? Useful, spicy, and just controversial enough to trend.

Key Points

  • sandbox-exec is a built-in macOS command-line utility to run applications in a restricted sandbox environment.
  • Sandboxing benefits include protection from malicious code, damage limitation, privacy control, testing with limited permissions, and resource/network restrictions.
  • Sandbox profiles use Scheme/LISP-like syntax with version, default policy, and specific rules targeting resources via literals, regex, and subpaths.
  • Two policy approaches are outlined: deny-by-default (most secure, explicit allows) and allow-by-default (more permissive, targeted denies).
  • Practical examples include a sandboxed zsh terminal blocking network and personal directories, and the use of pre-built profiles in /System/Library/Sandbox/Profiles.
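The two policy approaches and the profile syntax from the Key Points, as an added example that is not from the original article or the HN thread: one deny-by-default profile and one allow-by-default profile in Apple's Scheme-like profile language, written out by POSIX shell functions so they can be inspected, saved and handed to sandbox-exec. The specific allow list for zsh, the choice of Documents and Pictures as the "personal directories", and the file names are assumptions for illustration; the operation names (file-read*, file-write*, network*, process-exec), the filters (literal, subpath, regex) and the -D/-f flags are the documented sandbox-exec ones.

```shell
#!/bin/sh
# Added example, not the article's code. Generates two sandbox-exec profiles in
# SBPL and launches a sandboxed zsh only when sandbox-exec exists (macOS).
# Everything about which paths to allow or deny is an assumption for this demo.

# Deny-by-default: nothing is permitted unless a rule explicitly allows it.
# The allow list below is a starting point, not a proven-minimal set: run it,
# read the sandbox denials the kernel logs, and add rules one at a time.
deny_by_default_profile() {
  cat <<'EOF'
(version 1)
(deny default)
;; let the shell run and spawn children
(allow process-exec process-fork)
(allow sysctl-read)
;; subpath: the whole directory tree under each path
(allow file-read* (subpath "/bin") (subpath "/usr") (subpath "/System")
                  (subpath "/Library") (subpath "/private/etc"))
;; literal: exactly this one path
(allow file-read* file-write* (literal "/dev/null") (literal "/dev/tty"))
;; regex: anything matching the pattern; scratch space only under /private/tmp
(allow file-read* file-write* (regex #"^/private/tmp/"))
;; no network rule at all, so (deny default) keeps every socket closed
EOF
}

# Allow-by-default: everything is permitted except what is explicitly denied.
# HOME is not hard-coded; it arrives through `sandbox-exec -D HOME=...`.
allow_by_default_profile() {
  cat <<'EOF'
(version 1)
(allow default)
(deny network*)
(deny file-read* file-write* (subpath (string-append (param "HOME") "/Documents")))
(deny file-read* file-write* (subpath (string-append (param "HOME") "/Pictures")))
EOF
}

# Count rule lines (every top-level form starts with "(") in a profile string.
profile_rule_count() {
  printf '%s\n' "$1" | grep -c '^('
}

# Write a profile to disk and print the path, so it can be reused with -f.
write_profile() {
  # $1 = "deny" or "allow", $2 = output path (assumed writable)
  case "$1" in
    deny)  deny_by_default_profile  > "$2" ;;
    allow) allow_by_default_profile > "$2" ;;
    *) echo "usage: write_profile deny|allow PATH" >&2; return 2 ;;
  esac
  printf '%s\n' "$2"
}

# Launch zsh inside the chosen profile. Returns 127 off macOS instead of failing
# mid-script, so the rest of this file is usable anywhere for inspection.
run_sandboxed_zsh() {
  profile="$1"
  command -v sandbox-exec >/dev/null 2>&1 || {
    echo "sandbox-exec not found; this only runs on macOS" >&2
    return 127
  }
  # -D passes the HOME parameter the allow-by-default profile refers to;
  # -f points at the profile file written above.
  exec sandbox-exec -D HOME="$HOME" -f "$profile" /bin/zsh
}

# Only run something when invoked as: sh this_script.sh run [deny|allow]
if [ "${1:-}" = "run" ]; then
  mode="${2:-allow}"
  path="$(write_profile "$mode" "${TMPDIR:-/tmp}/demo-$mode.sb")" || exit $?
  run_sandboxed_zsh "$path"
fi
```

Invoked as `sh this_script.sh run allow`, the shell that appears can read and write most of the filesystem but every network call fails and `ls ~/Documents` is refused; with `run deny` the shell starts with only the listed paths visible, which is where the iterative "add a rule, retry" loop that the deny-by-default approach demands begins. Treating denials as the signal to expand the profile, rather than switching to `(allow default)` out of frustration, is what keeps the deny-by-default profile meaningfully stricter than the allow-by-default one.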

Hottest takes

“The sandbox-exec command is DEPRECATED.” — Someone
“Do any of the third-party package managers (Brew, MacPorts) perhaps use this” — throw0101c
“which was open sourced after a recent HN conversation” — CGamesPlay
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.