
seatbelt-sandboxer

Generates minimal macOS Seatbelt sandbox configurations for application isolation and security profiling.

Introduction

The seatbelt-sandboxer skill is a security-focused tool designed for developers and security engineers who need to implement defense-in-depth on macOS. It streamlines the creation of allowlist-based Seatbelt sandbox profiles to restrict application permissions effectively. By applying the principle of least privilege, users can isolate processes to prevent unauthorized file access, network exploitation, and system-level tampering. The tool assists in mapping complex application requirements to specific Seatbelt operations, ensuring that the resulting profiles are as restrictive as possible while maintaining intended application functionality.

  • Maps application resource requirements to specific Seatbelt categories: File Read/Write, Network, Mach IPC, Sysctl, IOKit, and System calls.

  • Implements a hierarchical profiling methodology starting with a 'deny-default' base and selectively granting permissions based on verified needs.

  • Provides syntax guidance for distinguishing between broad permissions (like file-read-metadata) and specific data access (like file-read-data).

  • Automates the configuration of network filters, enabling granular control over localhost services, DNS resolution, and specific outbound connections.

  • Handles multi-subcommand applications by facilitating separate profiles and drop-in helper scripts for CLI-based tooling.

  • Use this skill when tasked with sandboxing sensitive utilities, build tools, or untrusted binary execution on macOS.

  • Ideal for hardening CI/CD pipelines or local development environments where supply chain security is a priority.

  • Users must input the application's required resources and environment specifics (e.g., WORKING_DIR, HOME paths) to receive an accurate configuration file.

  • Note that this is exclusively for macOS Seatbelt profiles and is not applicable to Linux (use AppArmor/seccomp there) or Windows environments.

  • Avoid using this for applications requiring broad system access or quick, non-critical scripts where administrative overhead is not justified.
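The bullets above describe the profile shape this skill produces: a deny-default base, broad metadata visibility kept separate from data access, paths parameterised on WORKING_DIR and HOME, and a narrow network filter. The following is an added example, not code from the seatbelt-sandboxer project, showing what such a generated profile looks like and how it is applied with sandbox-exec(1). The binaries, the `.buildtoolrc` file, the localhost port and the system paths are constructed placeholders for a hypothetical build tool; replace them with the resources the real application actually needs.

```shell
#!/bin/sh
# Added example (not the seatbelt-sandboxer project's own code).
# write_profile OUTFILE: emit a deny-default Seatbelt (SBPL) profile whose
# work-tree and home paths are supplied at run time via (param ...).
# Everything allowed below is a constructed placeholder for a hypothetical
# build tool, not a recommendation for any specific application.
write_profile() {
  cat > "$1" <<'EOF'
(version 1)
;; Allowlist model: deny everything, then grant only verified needs.
(deny default)

;; Broad permission: stat()/directory listing on the whole filesystem.
;; This reveals names and sizes, not contents, and most tools need it.
(allow file-read-metadata)

;; Specific data access: read-only system libraries and devices,
;; read/write only inside the work tree passed as WORKING_DIR.
(allow file-read*
  (subpath "/usr/lib")
  (subpath "/System/Library/Frameworks")
  (literal "/dev/null")
  (literal "/dev/urandom"))
(allow file-read*  (subpath (param "WORKING_DIR")))
(allow file-write* (subpath (param "WORKING_DIR")))
;; One config file under HOME is readable; the rest of HOME stays closed.
(allow file-read* (literal (string-append (param "HOME") "/.buildtoolrc")))

;; Process lifecycle: fork, but exec only the named binaries (placeholders).
(allow process-fork)
(allow process-exec (literal "/usr/bin/make") (literal "/usr/bin/clang"))
(allow signal (target self))
(allow sysctl-read)

;; Network filter: DNS via the mDNSResponder socket plus a single
;; localhost service; no other outbound or inbound traffic.
(allow network-outbound
  (remote unix-socket (path-literal "/private/var/run/mDNSResponder"))
  (remote tcp "localhost:8080"))
EOF
}

# run_sandboxed WORKING_DIR HOME COMMAND...: apply the profile on macOS.
# sandbox-exec's -D flag binds the (param ...) names used in the profile.
run_sandboxed() {
  wd=$1
  home=$2
  shift 2
  prof=$(mktemp "${TMPDIR:-/tmp}/sandbox.XXXXXX")
  write_profile "$prof"
  sandbox-exec -f "$prof" -D WORKING_DIR="$wd" -D HOME="$home" "$@"
  rc=$?
  rm -f "$prof"
  return $rc
}

# Example invocation (macOS only), mirroring the WORKING_DIR/HOME inputs
# the skill asks for:
#   run_sandboxed "$PWD" "$HOME" /usr/bin/make -C "$PWD"
```

A quick way to confirm the profile parses before trusting it is `run_sandboxed "$PWD" "$HOME" /usr/bin/true`: sandbox-exec rejects a malformed profile before running anything. Denials surface in the unified log (`log stream --predicate 'sender == "Sandbox"'`), which is the feedback loop for tightening a profile one operation at a time rather than widening it.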

Repository Stats

  • Stars: 4,904

  • Forks: 428

  • Open Issues: 21

  • Language: Python

  • Default Branch: main

  • Last Synced: Apr 30, 2026, 09:01 AM