sandbox: add module for sandbox profiles

This could be used outside of nix-darwin, but this is mainly useful for
services since all of the inputs are known there.

	{
	  # $ /usr/bin/sandbox-exec -f $profile $coreutils/bin/ls /
	  # ls: cannot access '/': Operation not permitted
	  security.sandbox.profiles.example.closure = [ pkgs.coreutils ];
	}

0 files changed, 0 insertions, 0 deletions