How to isolate an application from the system (fully sandboxed application)?
Is it possible to do something like the concept of sandboxing (like all apps on iOS have its own system software resources) for all existing applications (so - not while designing an own new application) on OSX (Lion/ML/Maverics) just copying required frameworks, libraries, binaries (/usr, /etc, /Library
, etc.) and than using chroot
for the process when start?
Of course this is possible - iOS sandboxes all applications by default and runs on the same Darwin core as OS X. Apple hasn't chosen to implement this on OS X, so you would have a lot of engineering work to bolt this extra security on top of OS X. In the short run, it might be easier to virtualize the OS if you only need to sandbox one or two applications.