Launch REPL in a Sandbox on macOS
mattt opened this issue · comments
Mattt commented
As a general rule, you shouldn't run untrusted code. However, it would be helpful to either document or provide built-in functionality to run everything through sandbox-exec(1)
on macOS. For example, a user could pass the following sandbox profile to prevent the evaluated code from accessing the network:
(version 1)
(allow default)
(deny network*)