from Hacker News

Ask HN: Development Environment Sandboxing on macOS

by suchar on 11/13/21, 6:02 PM with 4 comments

I've been thinking of ways to sandbox development-related programs/processes/data on macOS. A primary use case is to protect the whole system from, for example, a malicious NPM library. I'm aware that there is some application sandboxing built into macOS. However, I don't know to what extent it covers this use case.

For this discussion, let's consider a full-fledged IDE, like IntelliJ IDEA, and skip remote development using VSCode/CLI editor over SSH/TRAMP/Projector. Also, examine a case where we would like to run multiple different applications inside the same sandbox for a specific project (e.g., IntelliJ + iTerm).

Please focus on macOS — I already know how to solve this issue on Linux.

  • by supernes on 11/14/21, 7:46 AM

    Just run a full Linux VM with a desktop environment and host the IDE and other apps inside. On relatively recent hardware you should be able to get decent performance and perfect isolation. You can use something like UTM (https://github.com/utmapp/UTM) or VMWare Fusion.
  • by daviddever23box on 11/13/21, 6:56 PM

    You seem to have a problem that actually doesn't exist, if you use Linux containers atop macOS, or you haven't explained the root of your problem well enough.

    Plus, there is yarn.
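
Added example (not from any commenter above): the "Linux containers atop macOS" approach from the last comment, written out as a small POSIX sh wrapper that runs npm inside a throwaway container so that a package's install scripts only ever see the project directory, never the macOS home directory, keychain or SSH keys. It assumes a Docker CLI backed by a Linux engine (Docker Desktop or colima) and a Node base image; `SANDBOX_IMAGE`, `DOCKER`, `sandbox_run` and the `/work` mount point are names chosen for this example, not project conventions.

```shell
#!/bin/sh
# Constructed example: run npm in an unprivileged, read-only Linux container.
# Only the project directory is bind-mounted; the host filesystem, keychain
# and ~/.ssh are not visible to whatever a package's postinstall script does.

# Base image is an assumption for this example; pin a digest in real use.
SANDBOX_IMAGE="${SANDBOX_IMAGE:-node:20-alpine}"

# sandbox_run <install|run> <project-dir> <command...>
#   install : network enabled (npm needs the registry), everything else locked down
#   run     : network disabled, so a build/test step cannot phone home or exfiltrate
# Set DOCKER=echo to print the command instead of executing it.
sandbox_run() {
  mode="$1"; project="$2"; shift 2
  case "$mode" in
    install) net=bridge ;;
    run)     net=none ;;
    *) printf 'usage: sandbox_run install|run <project-dir> <command...>\n' >&2; return 2 ;;
  esac
  [ -d "$project" ] || { printf 'not a directory: %s\n' "$project" >&2; return 2; }

  "${DOCKER:-docker}" run --rm -i \
    --network="$net" \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=512m \
    -e HOME=/tmp -e npm_config_cache=/tmp/npm-cache \
    --user "$(id -u):$(id -g)" \
    --cap-drop=ALL \
    --security-opt=no-new-privileges \
    --pids-limit=256 --memory=2g --cpus=2 \
    -v "$project:/work" -w /work \
    "$SANDBOX_IMAGE" "$@"
}

# Typical use from the project checkout:
#   sandbox_run install "$PWD" npm ci
#   sandbox_run run     "$PWD" npm test
```

The two modes matter more than any single flag: `install` must reach the registry, but a `run` step (build, tests, lint) has no reason to talk to the network, so `--network=none` turns a compromised dependency's beacon or credential upload into a connection error. `--read-only` plus a `noexec` `/tmp` blocks the "drop a binary and execute it" pattern; the trade-off is that native addons built with node-gyp may need `/tmp` executable, in which case drop `noexec` for that one install and keep the rest. The IDE itself still runs on the host; what this isolates is the untrusted code the IDE invokes.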