Sandbox Violation on Runtime Exec
Michael Hall
mik3hall at gmail.com
Fri Jun 8 16:23:25 PDT 2012
On Jun 8, 2012, at 4:59 PM, Michael Hall wrote:
>
> On Jun 8, 2012, at 4:22 PM, Kirk Pepperdine wrote:
>
>> IOWs, busted...
>
>
> Yep, I sometimes browse and miss things.
> Did come up with this in the mean time though…
> com.apple.security.inherit entitlement,
> Supposedly mentioned in the WWDC 2011 Session 204 video "App Sandbox and the Mac App Store"
> Disclaimer in order to not be considered busted again, I haven't watched it yet or verified it will work with Runtime exec'd Sandboxed java app's.
>
Sorry, tending toward bad list etiquette replying to myself and getting noisy again.
First I read your post out of order. You were probably referring to Runtime exec being busted - not me. I may agree with that now after actually listening to the session I mentioned.
The 'inherit' entitlement, as I understand what was being said in the session, does nothing except note that you have 'helper' applications/processes that inherit your main sandbox. They always inherit your main sandbox, period. So if you are getting an error in Runtime it is because the Runtime process is doing something your own entitlements do not cover.
If I'm still understanding that incorrectly someone please correct me.
But the Runtime fix or workaround is to add the correct entitlements to your application that the Runtime process requires.
More information about the macosx-port-dev
mailing list