Sandboxing means isolating mods from the user's host system without the performance loss of a VM. Currently, we
There is no clear solution to this yet, but it should take heavy inspiration from the Chromium Windows Sandbox.
From RayAar/minecraft-macos-sandboxing; this repo has now moved to this document.
Documentation in progress
The idea for macOS sandboxing is to completely sandbox Minecraft. This prevents Minecraft from accessing any sensitive data it could otherwise reach. We used Apple's sandbox-exec and created a profile for it. The profile will* only give access to files which Minecraft needs to run.
It relies on macOS's built-in sandbox-exec command, as sandbox-exec is a fully native-to-macOS way to securely sandbox apps. It is used in the backend of many of macOS's systems, and is still used in Xcode's App Sandbox feature to this day.
Run the command:
sandbox-exec -f Path/To/The/Sandbox/Profile/minecraft-sandbox.sb /Applications/Minecraft.app/Contents/MacOS/launcher
Note: This project is still in development and may not function as it should. Minecraft may still be given access to some extra files; this access will be removed in future versions. Be wary of this before using this project.
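Because the note above warns that the profile may still grant access to extra files, here is one way to check a profile for over-broad file rules before using it. This is an added example, not code from the project: the sample profile and the home directory `/Users/alex` are constructed for illustration, and the sample is neither the project's minecraft-sandbox.sb nor a complete profile for running Minecraft.

```python
import re

# Constructed sample, NOT the project's minecraft-sandbox.sb; /Users/alex is made up.
SAMPLE_PROFILE = r'''
(version 1)
(deny default)
(allow process-exec (subpath "/Applications/Minecraft.app"))
(allow file-read* (subpath "/Applications/Minecraft.app"))
(allow file-read* file-write* (subpath "/Users/alex/Library/Application Support/minecraft"))
(allow file-read* (subpath "/Users/alex"))  ; too broad: the whole home directory
'''
TOKEN = re.compile(r';[^\n]*|[()]|"(?:\\.|[^"\\])*"|[^\s()";]+')

def parse(text):
    """Parse profile text into nested lists; strings keep their quotes."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok == '(':
            stack.append([])
        elif tok == ')':
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())   # close the list, attach to its parent
        elif not tok.startswith(';'):       # skip comments
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def audit(text, home):
    """List rules granting broad file access; only direct (subpath ...) filters are checked."""
    rules, findings = parse(text), []
    if ['deny', 'default'] not in rules:
        findings.append("profile is not deny-by-default")
    too_broad = {"", "/Users", home.rstrip("/")}   # "" is "/" after stripping
    for rule in rules:
        if rule[:1] != ['allow']:
            continue
        ops = [x for x in rule[1:] if isinstance(x, str)]
        filters = [x for x in rule[1:] if isinstance(x, list)]
        if 'default' in ops:
            findings.append("allow default re-opens everything")
        elif any(o.startswith('file-') for o in ops) and not filters:
            findings.append(f"{' '.join(ops)}: no path filter")
        for f in filters:
            path = f[1] if len(f) > 1 and isinstance(f[1], str) else None
            if f[:1] == ['subpath'] and path and path.strip('"').rstrip('/') in too_broad:
                findings.append(f"{' '.join(ops)}: subpath {f[1]} is too broad")
    return findings
```

Calling `audit(SAMPLE_PROFILE, "/Users/alex")` reports only the last rule; run it on the real profile text with your own home directory to see which grants deserve a closer look.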
We could use something like Flatpak here, though it's unlikely. The current most likely solution is to use Linux namespaces to build a Docker-like system.
This is mainly solved, other than implementation details.