Siguza · August 28, 2025 05:15
diff --git a/sandbox_spawn.c b/sandbox_spawn.c
 #include <spawn.h>
 #include <stdint.h>
 #include <stdio.h>

 extern char **environ;

 typedef struct
 {
    uint32_t version;
    uint32_t size;
    uint32_t profileNameLen;
    uint32_t containerLen;
    char profileName[0x40];
    char container[0x400];
 } sandbox_spawnattr_t;

 extern void sandbox_spawnattrs_init(sandbox_spawnattr_t *attr);
 extern int sandbox_spawnattrs_getprofilename(sandbox_spawnattr_t *attr, char **profileNameP);
 extern int sandbox_spawnattrs_getcontainer(sandbox_spawnattr_t *attr, char **containerP);
 extern int sandbox_spawnattrs_setprofilename(sandbox_spawnattr_t *attr, const char *profileName);
 extern int sandbox_spawnattrs_setcontainer(sandbox_spawnattr_t *attr, const char *container);

 extern int posix_spawnattr_setmacpolicyinfo_np(posix_spawnattr_t *attr, const char *policy, void *data, size_t len);

 #define CHECK(val, name) do { if((val) != 0) { fprintf(stderr, "%s: %d\n", (name), (val)); return -1; } } while(0)

 int main(int argc, char *argv[])
 {
    if(argc < 4)
    {
        fprintf(stderr, "Usage: %s <profile> <container> cmd [args...]\n", argv[0]);
        return -1;
    }
    int r;
    sandbox_spawnattr_t sb;
    sandbox_spawnattrs_init(&sb);
    r = sandbox_spawnattrs_setprofilename(&sb, argv[1]);
    CHECK(r, "sandbox_spawnattrs_setprofilename");
    r = sandbox_spawnattrs_setcontainer(&sb, argv[2]);
    CHECK(r, "sandbox_spawnattrs_setcontainer");
    posix_spawnattr_t attr;
    r = posix_spawnattr_init(&attr);
    CHECK(r, "posix_spawnattr_init");
    r = posix_spawnattr_setmacpolicyinfo_np(&attr, "Sandbox", &sb, sizeof(sb));
    CHECK(r, "posix_spawnattr_setmacpolicyinfo_np");
    r = posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETEXEC);
    CHECK(r, "posix_spawnattr_setflags");
    pid_t pid;
    r = posix_spawnp(&pid, argv[3], NULL, &attr, argv + 3, environ);
    fprintf(stderr, "posix_spawnp: %d\n", r);
    return -1;
 }
	#include <spawn.h>
	#include <stdint.h>
	#include <stdio.h>

	extern char **environ;

	typedef struct
	{
	uint32_t version;
	uint32_t size;
	uint32_t profileNameLen;
	uint32_t containerLen;
	char profileName[0x40];
	char container[0x400];
	} sandbox_spawnattr_t;

	extern void sandbox_spawnattrs_init(sandbox_spawnattr_t *attr);
	extern int sandbox_spawnattrs_getprofilename(sandbox_spawnattr_t attr, char *profileNameP);
	extern int sandbox_spawnattrs_getcontainer(sandbox_spawnattr_t attr, char *containerP);
	extern int sandbox_spawnattrs_setprofilename(sandbox_spawnattr_t attr, const char profileName);
	extern int sandbox_spawnattrs_setcontainer(sandbox_spawnattr_t attr, const char container);

	extern int posix_spawnattr_setmacpolicyinfo_np(posix_spawnattr_t attr, const char policy, void *data, size_t len);

	#define CHECK(val, name) do { if((val) != 0) { fprintf(stderr, "%s: %d\n", (name), (val)); return -1; } } while(0)

	int main(int argc, char *argv[])
	{
	if(argc < 4)
	{
	fprintf(stderr, "Usage: %s <profile> <container> cmd [args...]\n", argv[0]);
	return -1;
	}
	int r;
	sandbox_spawnattr_t sb;
	sandbox_spawnattrs_init(&sb);
	r = sandbox_spawnattrs_setprofilename(&sb, argv[1]);
	CHECK(r, "sandbox_spawnattrs_setprofilename");
	r = sandbox_spawnattrs_setcontainer(&sb, argv[2]);
	CHECK(r, "sandbox_spawnattrs_setcontainer");
	posix_spawnattr_t attr;
	r = posix_spawnattr_init(&attr);
	CHECK(r, "posix_spawnattr_init");
	r = posix_spawnattr_setmacpolicyinfo_np(&attr, "Sandbox", &sb, sizeof(sb));
	CHECK(r, "posix_spawnattr_setmacpolicyinfo_np");
	r = posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETEXEC);
	CHECK(r, "posix_spawnattr_setflags");
	pid_t pid;
	r = posix_spawnp(&pid, argv[3], NULL, &attr, argv + 3, environ);
	fprintf(stderr, "posix_spawnp: %d\n", r);
	return -1;
	}