secmodel sandbox : An application sandbox for NetBSD
http://www.bsdcan.org/2017/schedule/attachments/404_smherwig-sandbox-bsdcan2017.pdf [www.bsdcan.org]
2017-06-11 16:13
We introduce a new security model for NetBSD – secmodel sandbox – that allows per-process policies for restricting privileges. Privileges correspond to kauth authorization requests, such as a request to create a socket or read a file, and policies specify the sandbox's decision: deny, defer, or allow. Processes may apply multiple sandbox policies to themselves, in which case the policies stack, and child processes inherit their parent's sandbox. Sandbox policies are expressed in Lua, and the evaluation of policies uses NetBSD 7's experimental in-kernel Lua interpreter. As such, policies may express static authorization decisions, or may register Lua functions that secmodel sandbox invokes for a decision.
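The abstract describes three properties worth seeing together: a policy entry is either a static deny/defer/allow or a function evaluated per request, policies applied to one process stack, and a forked child starts from its parent's stack. The following Python model is an added illustration of those semantics and is not code from the paper or from NetBSD; it assumes a kauth(9)-style aggregation rule (any deny wins, otherwise any allow wins, otherwise the request is deferred to the other secmodels), and the request names (`network.socket.open`, `vnode.access`) and the two sample policies are constructed for the example rather than taken from secmodel sandbox's real policy format.

```python
"""Model of stacked, inherited per-process sandbox policies.

Added illustration only: not secmodel sandbox's code or policy format.
The aggregation rule is an assumption modelled on kauth(9)'s listener
semantics, where a single DENY outweighs any number of ALLOWs.
"""
from enum import Enum
from typing import Callable, Dict, List, Optional, Union


class Decision(Enum):
    DENY = "deny"
    DEFER = "defer"   # no opinion: leave the request to the remaining secmodels
    ALLOW = "allow"


# A rule is a static decision or a function computing one from the request arguments
Rule = Union[Decision, Callable[..., Decision]]


class Policy:
    """One sandbox policy: request name -> static decision or decision function."""

    def __init__(self, name: str, rules: Dict[str, Rule]):
        self.name = name
        self.rules = rules

    def evaluate(self, request: str, *args) -> Decision:
        rule = self.rules.get(request, Decision.DEFER)  # unmentioned request: no opinion
        return rule(*args) if callable(rule) else rule


class Process:
    """A process carrying a stack of sandbox policies."""

    def __init__(self, policies: Optional[List[Policy]] = None):
        self.policies: List[Policy] = list(policies or [])

    def apply(self, policy: Policy) -> None:
        self.policies.append(policy)          # policies stack; nothing is removed

    def fork(self) -> "Process":
        return Process(self.policies)         # child inherits a copy of the parent's stack

    def authorize(self, request: str, *args) -> Decision:
        # Assumed aggregation (kauth-style): DENY beats ALLOW, ALLOW beats DEFER.
        # A later, more permissive policy therefore cannot undo an earlier DENY.
        decisions = [p.evaluate(request, *args) for p in self.policies]
        if Decision.DENY in decisions:
            return Decision.DENY
        if Decision.ALLOW in decisions:
            return Decision.ALLOW
        return Decision.DEFER


def read_only_under(prefix: str) -> Callable[[str, str], Decision]:
    """Dynamic rule (the model's stand-in for a registered Lua function):
    allow read-mode access beneath `prefix`, deny everything else."""
    def rule(path: str, mode: str) -> Decision:
        return Decision.ALLOW if mode == "r" and path.startswith(prefix) else Decision.DENY
    return rule


# Constructed sample policies (request names are illustrative, not real kauth actions)
NETWORK_OFF = Policy("no-network", {"network.socket.open": Decision.DENY})
DATA_READER = Policy("data-reader", {"vnode.access": read_only_under("/usr/share/")})


def demo() -> Dict[str, Decision]:
    parent = Process()
    parent.apply(NETWORK_OFF)
    child = parent.fork()       # inherits NETWORK_OFF
    child.apply(DATA_READER)    # tightens the child only; parent's stack is unchanged
    return {
        "parent_socket": parent.authorize("network.socket.open"),
        "parent_file": parent.authorize("vnode.access", "/etc/passwd", "r"),
        "child_socket": child.authorize("network.socket.open"),
        "child_share_read": child.authorize("vnode.access", "/usr/share/misc/a", "r"),
        "child_etc_read": child.authorize("vnode.access", "/etc/passwd", "r"),
        "child_share_write": child.authorize("vnode.access", "/usr/share/misc/a", "w"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18s} {decision.value}")
```

The point to take from the run is the direction of the stack: the parent, which applied only the network policy, still gets `defer` for file access (the base secmodel decides), while the child that added the reader policy gets `deny` for the same path and keeps the inherited socket denial. Whether the real secmodel sandbox aggregates stacked policies exactly this way is not stated in the abstract; the model only fixes the invariant a sandbox needs, namely that adding a policy never widens what an earlier one denied.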