Spawning a new process from a sandboxed app
Danno Ferrin
danno.ferrin at oracle.com
Tue Jun 24 15:44:01 UTC 2014
What entitlements did you sign spawnhelper with? The same as the main app or the inherit permission?
On Jun 24, 2014, at 9:40 AM, Zach Oakes <zsoakes at gmail.com> wrote:
> I've successfully shipped Java apps on the MAS using an embedded JRE, but
> with the stricter signing requirements now in place, I'm having a problem.
> My script now signs all the binaries, including the JRE's jspawnhelper
> executable, which my app relies on to spawn new processes via Runtime.exec.
>
> The sandboxed app launches correctly, but when it tries launching a new
> process, I get a dialog saying "OS X needs to repair your Library to run
> applications". It then fails to spawn the process, and the console says
> "Sandbox creation failed: Container object initialization failed: failed to
> get bundleid for app
> "<snip>/Contents/PlugIns/jdk1.7.0_60.jdk/Contents/Home/jre/lib/jspawnhelper".
>
> I can't figure out why it is failing to get the bundleid for jspawnhelper.
> It is definitely being signed with codesign, and I've tried explicitly
> setting an --identifier to no avail. I would appreciate advice on how to
> resolve this.
More information about the macosx-port-dev
mailing list