sandbox-darwin.c: sandbox.h is deprecated
Theo de Raadt
deraadt at openbsd.org
Wed Jun 10 11:20:20 AEST 2026
Damien Miller <djm at mindrot.org> wrote:
> On Tue, 9 Jun 2026, Marius Schamschula wrote:
>
> > Hi there,
> >
> > Thank you for all the efforts on openssh portable over the years!
> >
> > sandbox-darwin.c: has had a good long run.
> >
> > Unfortunately, Apple has deprecated sandbox.h in favor of a newer App Sandbox API, see
> >
> > https://developer.apple.com/documentation/security/app-sandbox#//apple_ref/doc/uid/TP40011183
> >
> > Building openssh 10.3p1 now fails using Xcode 27-Beta.
>
> I guess we'll have to disable the sandbox for this release unless and
> until someone contributes a new one. I'm not sure how useful this will
> actually be with the new sandbox API because AIUI it requires code
> signing to operate. As a project that releases only source, we're not
> in a position to make use of this directly.

Yes, this is a case where downstream is responsible. There are two
downstreams: Apple themselves, and their user community.

For what goes into the tree (as a demonstrator?) this probably falls on
the developer community since Apple maintains and integrates their own
variant.