User Profile

I've got an app with a quicklook generator bundled within it. The app opens port 42222 for localhost queries. The quicklook generator fails to connect to the socket. The log shows these 2 sandbox errors: Sandbox: 1 duplicate report for java deny(1) file-read-data /private/etc/hosts Sandbox: ExternalQuickLoo(1253) deny(1) network-outbound*:42222 ... which is weird because the app isn't sandboxed: % codesign -d --entitlements :- /Applications/Test.app                                                          Executable=/Applications/Test.app/Contents/MacOS/Test The same code functions correctly when executed from a separate app running on the same machine (rather than from the generator). Any idea why the quicklook generator isn't able to connect to a localhost socket? ... or why sandbox rules are being applied to a non-sandbox app?

Call to bind() is failing in my Cocoa app project but not in a commandline tool project (with same exact networking code). No sandbox Catalina (with SIP disabled, but solution will need to work on machines with SIP enabled) App transport settings wide open (this is a client-only setting though AFAIK) sandboxd says "deny(1) network-bind*:32323" When I copy the code to a commandline project, it works. 1 - If the app is not sandboxed, why is there a sandbox error in the log? 2 - Is there something else I need to add to Info.plist for binding to a network port (and other related server functionality) from a Cocoa app?

Crazy question, but it came from a friend now working at a different company and I wanted to make sure I'm not telling him the wrong thing. I said "no," but I'm not 100% sure and I can't find anything online about it. He wants to take his own sandboxed build and disable sandboxing/notarization/codesigning on it (POSTFACTO) for testing some issue he's working on. I spent a half hour on the phone trying to understand why, but I still don't get it. Crazy or not, it's an interesting question, so I thought I'd float it here.