macosappstore-sandboxsmjobbless

Apple's SMJobBless() doesn't work under sandbox


Apple's SMJobBless is supposed to be the new, correct way to write a program that runs in the sandbox and requires privileges. However, when I downloaded the code and turned on the Sandbox, it doesn't work. Instead I get this error:

2015-09-27 15:10:30.820 SMJobBlessApp[78676:4426508] ApplePersistence=NO
2015-09-27 15:10:31.273 SMJobBlessApp[78676:4426508] Something went wrong! NSOSStatusErrorDomain / -60005

I need to write a file in /etc from an app that runs in the Sandbox. Is this possible?


Solution

  • I think your opening sentence of "Apple's SMJobBless is supposed to be the new, correct way to write a program that runs in the sandbox and requires privileges" is incorrect.

    When I look at the "Determine Whether Your App Is Suitable for Sandboxing" section of Apple's App Sandbox Design guide, it looks like you can't use Authorization Services to elevate privileges.

    If you're in a sandbox, you really can't access the "/etc" directory.