Cannot use Hypervisor with inherited app sandbox

App & System Services Core OS
UTM OP
Created Dec ’20
Replies 1
Boosts 0
Views 799
Participants 1
I have a main app with the entitlements:

  • com.apple.security.app-sandbox

  • com.apple.security.hypervisor

and a helper app with the entitlements

  • com.apple.security.app-sandbox

  • com.apple.security.inherit

According to the documentations, if I start the helper app with NSTask, it should inherit the sandbox and I do see that for file accesses. However, when I try to use Hypervisor.framework, I get HV_DENIED.

If I try to add "com.apple.security.hypervisor" to the helper app, then the NSTask spawned process crashes with Could not set sandbox profile data: Operation not permitted (1).

I believe this is a bug and have submitted FB8921623

In the meantime, is there a workaround other than disabling App Sandbox or sticking to a single app (not possible for our application)?

Answered by UTM in 665563022
Update: Apple has resolved this issue on 11.3 beta 2.
Replies  1
Boosts  0
Views  799
Participants  1
UTM OP
Mar ’21
Accepted Answer
Update: Apple has resolved this issue on 11.3 beta 2.
0
Cannot use Hypervisor with inherited app sandbox
First post date Last post date
 
 
Q