Hi all, I posted this to the developer forums yesterday but I think this list probably gets a good bit more eyeball than the forum, so I'm sending here too. Sorry for the cross-post if you're seeing it twice. Anyway...
I'm trying to put together the last bits and pieces of sandboxing my app but I've just hit a problem. I don't appear to be able to use launchctl to schedule tasks any more. With my app sandboxed, I'm launching an NSTask with the following launch path and arguments: > /bin/launchctl load -w /Users/mark/Library/Containers/<my app > identifier>/Data/Library/LaunchAgents/<my app identifier>.helpername.plist I'm using the correct APIs to get the path and read/write the helpername.plist file. As per other command line tools I launch via NSTask, launchctl is presumably inheriting the same entitlements as my main application, but launchctl obviously needs to modify other files to which my app normally wouldn't have access - namely: /private/var/db/launchd.db/com.apple.launchd.peruser.501/overrides.plist The inherited entitlements don't allow access to that file, so I'm seeing this from sandboxd in the log file: > launchctl(4831) deny file-read-data > /private/var/db/launchd.db/com.apple.launchd.peruser.501/overrides.plist and > launchctl(4831) deny job-creation I'm also seeing this in Xcode's run log: > Bug: launchctl.c:2425 (25957):1: (dbfd = open(g_job_overrides_db_path, > O_RDONLY | O_EXLOCK | O_CREAT, S_IRUSR | S_IWUSR)) != -1 > launch_msg(): Socket is not connected As the user ID in the filename which launchctl is trying to write will be different for different users, I don't think I can set a temporary entitlement for it (haven't tried yet, that's today's task!), and even if I can, it doesn't seem like the right answer for long-term use. Has anyone else come across this problem? If so, how did you solve it? Many thanks Mark _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
