Sandbox Violation on Runtime Exec
Michael Hall
mik3hall at gmail.com
Mon Jun 11 14:48:35 PDT 2012
On Jun 11, 2012, at 10:43 AM, Jess Finley wrote:
> Hi, we currently gather the architecture, model, CPU speed, and ram.
AppleScript might be a temporary solution. Although I believe that is eventually not supposed to work SandBoxed either.
Again though , from how I understood what I heard in the WWDC session that I mentioned, what you Runtime should work as long as your application covers the required entitlements.
The inherit one mentioned isn't really supposed do anything other than mark your application as having 'helper' applications or processes that get passed your application entitlements.
.
So the questions as far as Runtime goes to my thinking are still, why it fails when NSTask works? Is this because they are just implemented differently? Then any Runtime should fail. I've been trying to think of something completely harmless you could try Runtime'ing to verify this.
The second question would be does it work if you give the application the entitlement to correct the error?
deny file-read-data /dev/fd
Again, I haven't tried any of this. I've been trying to see if there is some way to quickly standalone test but I don't think so. There is the sandbox-exec command but that doesn't appear to apply to applications. It seems there the first thing you do is sign some code and I'm not sure I'm ready for that yet myself. Maybe someone else more familiar can indicate some way others might try this out?
More information about the macosx-port-dev
mailing list