Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Integrate the MacOS sandbox into an executable Firefox application Web Browsers
Following up on the ideas of this previous hint, there is also a possibility to make an application which starts with the sandbox already activated, so there is no need to run a shell script every time you need the sandbox.

This is how to do that:
  • Make a copy of your Firefox.app and rename it to FirefoxSandbox.app
  • Right-Click on FirefoxSandbox.app and choose 'Show Package Contents.'
  • Take the sandbox definition from the hint referenced above and save it as 'sandbox' in the Contents/MacOS subfolder of the package. Replace all the references to 'Firefox.app' within that file with 'FirefoxSandbox.app.'
  • Create a file called 'firefoxSandbox' in the same Contents/MacOS folder and make it executable.
  • The contents of the 'firefoxSandbox' file are (just paste in the following):
      #!/bin/sh
      sandbox-exec -f /Applications/FirefoxSandbox.app/Contents/MacOS/sandbox /Applications/FirefoxSandbox.app/Contents/MacOS/firefox-bin
      
  • In the 'info.plist' file in Contents/MacOS, replace
      <key>CFBundleExecutable</key>
      <string>firefox-bin</string>
      
    with
      <key>CFBundleExecutable</key>
      <string>FirefoxSandbox</string>
      
From now on (until the next Firefox Update) you can use FirefoxSandbox.app as a more secure browser.

Here is a script that automates necessary modifications (which you can download from here).
#!/bin/sh
# make a copy of firefox
cp -R /Applications/Firefox.app/ /Applications/FirefoxSandbox.app/

# Copy the sandbox definition into the Application 
cp sandbox /Applications/FirefoxSandbox.app/Contents/MacOS/sandbox

# Copy the sandbox-script into the Application
cp firefoxSandbox /Applications/FirefoxSandbox.app/Contents/MacOS/firefoxSandbox

# Make the sandbox script executable
chmod u+x /Applications/FirefoxSandbox.app/Contents/MacOS/firefoxSandbox

# Modify the info.plist file
mv /Applications/FirefoxSandbox.app/Contents/info.plist /Applications/FirefoxSandbox.app/Contents/info.plist.old 
cat /Applications/FirefoxSandbox.app/Contents/info.plist.old | sed s/firefox-bin/firefoxSandbox/ > /Applications/FirefoxSandbox.app/Contents/info.plist

[crarko adds: I haven't tested this one. I've mirrored the script download here.]
    •    
  • Currently 4.00 / 5
  You rated: 1 / 5 (6 votes cast)
 
[5,654 views]  

Integrate the MacOS sandbox into an executable Firefox application | 4 comments | Create New Account
Click here to return to the 'Integrate the MacOS sandbox into an executable Firefox application' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
It works
Authored by: idontcare on Mar 02, '11 05:44:02PM
This works in 10.6.6 with Firefox 3.6.13. I checked in htop and sandboxd starts when I launch FirefoxSandbox.app. It might be better to create a sandbox profile in /usr/share/sandbox that can be used for multiple web browsers (ie Chrome). Maybe create an applescript droplet or applet to run a browser in a sandbox. I dunno, just throwing the idea out there.

[ Reply to This | # ]
Integrate the MacOS sandbox into an executable Firefox application
Authored by: Redback on Mar 12, '11 08:37:43AM

This works in 10.6.6 with Firefox 3.6.15. I did have problems with the sandbox script showing errors in startup, but once corrected it's work like a charm, the issue where relate to Username, Quicktime and Divx.

Adding these two in solve the issue.

(regex "^/Library/QuickTime")
(regex "^/Library/Frameworks/DivX Toolkit.framework")

Cheers



[ Reply to This | # ]
Integrate the MacOS sandbox into an executable Firefox application
Authored by: asmeurer on Mar 17, '11 08:57:12PM

So can this be generalized to any program?



[ Reply to This | # ]
Integrate the MacOS sandbox into an executable Firefox application
Authored by: Marivaux on Oct 09, '11 12:05:20PM

I tried the script on 10.5.8 PPC. It generated the application without errors, but the application won't launch for reasons I can't figure out. Anyone have any ideas?



[ Reply to This | # ]