I'm attempting to bring a Mac app up-to-date with the new sandboxing rules in Lion. However, despite requesting com.apple.security.files.user-selected.read-write permissions, I'm getting errors. When I look in the logs, I see deny file-write-create /Users/thom/Desktop/Filename.blah-journal.
This makes sense given the sandboxing rules - the user selected a location for the SQLite store, and so writing to that location is allowed. However, SQLite maintains its journal file alongside the actual file, and writing to that is forbidden.
In which case, how can an SQLite-backed NSPersistentDocument ever work in a sandboxed environment?
I've had the same issue while exporting Quicktime movies, as it writes an "atomic" working file that fails under sandboxing. All you can do is file a radar at this point.