https://github.com/strongdm/leash
It even has a --darwin macOS-native mode which goes beyond the capabilities and guarantees of sandbox-exec and bubblewrap.
Full-disclosure: I am one of the authors.
https://github.com/strongdm/leash
It even has a --darwin macOS-native mode which goes beyond the capabilities and guarantees of sandbox-exec and bubblewrap.
Full-disclosure: I am one of the authors.