Open lgarron opened 10 years ago
As far as I know, OSX supports ptrace, which strace uses as its underlying interface. I think it should not be too difficult to implement.
Trying to build the project on 10.9.2 gives me:
/Applications/Xcode.app/Contents/Developer/usr/bin/make all-am
gcc -DHAVE_CONFIG_H -I. -I./linux/x86_64 -I./linux -I./linux -lcrypto -Wall -Wwrite-strings -g -O2 -MT mbox.o -MD -MP -MF .deps/mbox.Tpo -c -o mbox.o mbox.c
clang: warning: -lcrypto: 'linker' input unused
In file included from mbox.c:31:
./defs.h:42:10: fatal error: 'features.h' file not found
#include <features.h>
^
1 error generated.
make[1]: *** [mbox.o] Error 1
make: *** [all] Error 2
OSX does not support useful ptrace in any meaningful way - see http://uninformed.org/index.cgi?v=4&a=3&p=14. There's only dtrace. Dtrace can't intercept syscall outcomes, only passively inspect syscall inputs and outputs (through an elaborate bpf-like language).
As such, true seccomp on OSX seems to be impossible (seatbelt is a MAC, not sandbox) without custom kext. I'd love to be proven wrong, though.
I would absolutely love to see mbox ported to Mac, I'm ready to donate! Apart from running untrusted code, this would go one step toward making apps portable, i.e. storing their settings in a sandbox rather than in the messy ~/Library.
Considering that I do most work on a personal computer, and occasionally have interest in running semi-untrusted code (cool new projects like mbox!), I would love to be able to use this on my Macbook Pro.
OSX is officially "unix-compliant", but a lot of the code appears to be Linux-specific, so I presume this is not simple.