
Sandboxing and calling Launchctl



Hi all,

I posted this to the developer forums yesterday but I think this list probably gets a good bit more eyeballs than the forum, so I'm sending here too. Sorry for the cross-post if you're seeing it twice. Anyway...

I'm trying to put together the last bits and pieces of sandboxing my app but I've just hit a problem.  I don't appear to be able to use launchctl to schedule tasks any more.

With my app sandboxed, I'm launching an NSTask with the following launch path and arguments:
> /bin/launchctl load -w /Users/mark/Library/Containers/<my app identifier>/Data/Library/LaunchAgents/<my app identifier>.helpername.plist


I'm using the correct APIs to get the path and read/write the helpername.plist file.  As per other command line tools I launch via NSTask, launchctl is presumably inheriting the same entitlements as my main application, but launchctl obviously needs to modify other files to which my app normally wouldn't have access - namely:
/private/var/db/launchd.db/com.apple.launchd.peruser.501/overrides.plist


The inherited entitlements don't allow access to that file, so I'm seeing this from sandboxd in the log file:
> launchctl(4831) deny file-read-data /private/var/db/launchd.db/com.apple.launchd.peruser.501/overrides.plist
and
> launchctl(4831) deny job-creation

I'm also seeing this in Xcode's run log:
> Bug: launchctl.c:2425 (25957):1: (dbfd = open(g_job_overrides_db_path, O_RDONLY | O_EXLOCK | O_CREAT, S_IRUSR | S_IWUSR)) != -1
> launch_msg(): Socket is not connected

As the user ID in the filename which launchctl is trying to write will be different for different users, I don't think I can set a temporary entitlement for it (haven't tried yet, that's today's task!), and even if I can, it doesn't seem like the right answer for long-term use.

Has anyone else come across this problem?  If so, how did you solve it?

Many thanks
Mark
Cocoa-dev mailing list (email@hidden)
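
A triage sketch for the sandboxd denials quoted in the message above, added here as an example and not part of the original post: it parses `deny` lines, separates path-based denials from operation-only ones such as `job-creation`, and flags targets that sit outside the app container or embed a per-user uid. The third sample line, the `com.example.app` identifier and all function names are constructed for illustration, and the line format is assumed to be the one quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the two sandboxd lines quoted in the post, plus one
# made-up in-container denial for contrast.
SAMPLE_LOG = """\
launchctl(4831) deny file-read-data /private/var/db/launchd.db/com.apple.launchd.peruser.501/overrides.plist
launchctl(4831) deny job-creation
launchctl(4831) deny file-write-data /Users/mark/Library/Containers/com.example.app/Data/tmp/x
"""

# "<process>(<pid>) deny <operation> [<target>]"; the target is optional.
DENY_RE = re.compile(
    r"(?P<proc>[\w.\-]+)\((?P<pid>\d+)\) deny (?P<op>[\w\-*]+)(?: (?P<target>.+))?$")
CONTAINER_RE = re.compile(r"^/Users/[^/]+/Library/Containers/[^/]+/Data/")
PERUSER_RE = re.compile(r"\.peruser\.(\d+)(?=/|$)")


def parse_denials(log_text):
    """Return one dict per sandboxd 'deny' line found in log_text."""
    out = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line.strip())
        if not m:
            continue
        target = m.group("target")
        uid = PERUSER_RE.search(target) if target else None
        out.append({
            "process": m.group("proc"),
            "pid": int(m.group("pid")),
            "operation": m.group("op"),
            "target": target,  # None for operation-only denials
            "in_container": bool(target and CONTAINER_RE.match(target)),
            "per_user_uid": int(uid.group(1)) if uid else None,
        })
    return out


def summarize(denials):
    """Group denied operations by (process, pid) of the sandboxed child."""
    by_proc = defaultdict(list)
    for d in denials:
        by_proc[(d["process"], d["pid"])].append(d["operation"])
    return dict(by_proc)


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(d)
    print(summarize(parse_denials(SAMPLE_LOG)))
```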
