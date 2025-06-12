Operating systems have come a long way since chroot(), and allow developers to limit resources far beyond just the file-system root. In this article, I'll survey some modern tools for sandboxing and how easy or hard it might be to do so by drawing from documentation and examples. This is not a research paper: it's a survey and guide.

We'll cover the main open source operating systems with sandbox tools: Linux, OpenBSD, and FreeBSD (including DragonFlyBSD). Mac OS X gets limited mention, as does Java. If you know of other operating systems with such tools (e.g., NetBSD's secmodel), please raise an issue or a GitHub pull request.