On Jun 24, 2012, at 2:47 AM, Rick C. wrote:
> Ok here's my follow-up...I confirmed that everything I told you was true and
> finally said to myself I will just communicate with this executable inside my
> bundle. This works until I submit it to the Mac App Store and I get invalid
> binary because this executable (3rd party) is not sandboxed. So I give this
> binary entitlements and now when I try to communicate with it via NSTask it
> crashes and the crash report reveals that a sandbox cannot be created.
I haven't played with sandboxed helper apps yet, but I read the other day if
the helper app is started via posix_spawn(), the helper apps should have
exactly two entitlements:
com.apple.security.app-sandbox YES
com.apple.security.inherit YES
For helper apps start with XPC Services you can have a much richer entitlement
set.
My guess is that NSTask, because it is an older approach, uses posix_spawn(),
so you might want to try and *only* give it the "inherit" entitlement.
Todd
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [email protected]
