Following up on the ideas of this previous hint, there is also a possibility to make an application which starts with the sandbox already activated, so there is no need to run a shell script every time you need the sandbox.
This is how to do that:
#!/bin/sh sandbox-exec -f /Applications/FirefoxSandbox.app/Contents/MacOS/sandbox /Applications/FirefoxSandbox.app/Contents/MacOS/firefox-bin
<key>CFBundleExecutable</key> <string>firefox-bin</string>
<key>CFBundleExecutable</key> <string>FirefoxSandbox</string>
#!/bin/sh # make a copy of firefox cp -R /Applications/Firefox.app/ /Applications/FirefoxSandbox.app/ # Copy the sandbox definition into the Application cp sandbox /Applications/FirefoxSandbox.app/Contents/MacOS/sandbox # Copy the sandbox-script into the Application cp firefoxSandbox /Applications/FirefoxSandbox.app/Contents/MacOS/firefoxSandbox # Make the sandbox script executable chmod u+x /Applications/FirefoxSandbox.app/Contents/MacOS/firefoxSandbox # Modify the info.plist file mv /Applications/FirefoxSandbox.app/Contents/info.plist /Applications/FirefoxSandbox.app/Contents/info.plist.old cat /Applications/FirefoxSandbox.app/Contents/info.plist.old | sed s/firefox-bin/firefoxSandbox/ > /Applications/FirefoxSandbox.app/Contents/info.plist
Mac OS X Hints
http://hints.macworld.com/article.php?story=2011022702082736