Hi all, I am looking to run a process on my machine that I do not fully trust.

I would like to avoid the penalty cost of spinning up a VM to run it, and would like instead to sandbox it. As far as I know, `pledge` is nice for creating a sandbox, but it's coarse-grained: it either allows access to all IPs, or it allows no access at all. I need to give this untrusted app network access, but to avoid it being spyware or a trojan horse, I'd like to restrict its network connections to a specific list of IPs.

The idea I have for now is to create a user dedicated to it, and add an anchor in pf that filters for that user and only allows that user to speak to that list of IPs. Is that a reasonable approach? Is there a better way to do that?

Thanks!
Jake
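As an added example (not from Jake's post), here is what the dedicated-user plus pf anchor setup described above looks like as a ruleset. The account name "jailed", the anchor name "untrusted", the table name <untrusted_allow> and the addresses in it (RFC 5737 documentation ranges) are all assumptions chosen for illustration.

```pf
# Added example, not part of the original post. Assumed names: account "jailed",
# anchor "untrusted", table <untrusted_allow>; the addresses are placeholders.

# --- in /etc/pf.conf (main ruleset) ---
# Destinations the sandboxed process may reach. `persist` keeps the table alive
# so it can be edited at runtime with: pfctl -t untrusted_allow -T add/delete
table <untrusted_allow> persist { 192.0.2.10, 192.0.2.11, 203.0.113.0/24 }

# Evaluate the anchor at this point; its rules live in a separate file.
anchor "untrusted"
load anchor "untrusted" from "/etc/pf.anchors/untrusted"

# --- in /etc/pf.anchors/untrusted ---
# `user` matches the effective uid owning the local socket, so these rules only
# ever see traffic this host itself originates or terminates for "jailed".
# pf associates a user only with TCP and UDP packets, which is why proto is
# explicit here: anything else is not covered by these rules at all.

# First match wins because of `quick`: allow only the listed destinations...
pass out quick proto { tcp udp } to <untrusted_allow> user jailed

# ...and drop every other outbound TCP/UDP from that account, DNS included.
block return out quick proto { tcp udp } user jailed

# Also refuse inbound connections to any socket that account listens on,
# so it cannot sit there waiting for a reverse connection.
block return in quick proto { tcp udp } user jailed
```

Check the syntax with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and start the program as that account (`doas -u jailed ./program`). Two caveats a practitioner would want: name resolution is blocked unless the resolver's address is added to the table, and the match is keyed purely on uid, so a setuid binary or a socket handed over by another process steps outside it. It is a network-side complement to pledge/unveil, not a replacement for them.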

