Here is a bare-bones macOS sandbox implementation. In practice, it would probably be called in an --eval argument to guard anything executed later. It should be sufficient for the typical untrusted flymake checker running in an Emacs subprocess and printing to stdout/stderr.