Sandboxed App crashes at Startup in _libsecinit_appsandbox.cold

Hi,

I've an OSX app packages up outside of XCode (because it's based on a legacy cross-platform build system). The layout looks like this:

App App/Contents <- info.plist is here App/Contents/Frameworks <- Dylibs go here App/Contents/MacOS <- Main executable and bash startup script go here App/Contents/Resources <- Non-executable resources.

There are no helper apps, etc that I know of.

info.plist, the Frameworks, Main Executable and App are all signed. The Main Executable includes entitlements with the sandbox entitlements.

On startup, we crash in the usual Sandbox place:

0   libsystem_secinit.dylib       	    0x7ff811fcc2a5 _libsecinit_appsandbox.cold.9 + 49
1   libsystem_secinit.dylib       	    0x7ff811fcb636 _libsecinit_appsandbox + 1749
2   libsystem_trace.dylib         	    0x7ff8044029e9 _os_activity_initiate_impl + 50
3   libsystem_secinit.dylib       	    0x7ff811fcaf20 _libsecinit_initializer + 67
4   libSystem.B.dylib             	    0x7ff811fe08a1 libSystem_initializer + 292
5   dyld                          	       0x20905939f invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 185

(Even though I'm not signing the bash startup script, which invokes the main executable, it's still getting signed and has entitlements. And I'm not using --deep.

I've tried setting com.apple.security.inherit - that didn't work. I've tried explicitly signing the bash startup script - that didn't work.

It fails not matter how I start the app - by clicking on it, command line, just launching the main executable via the command line, and of course using LLDB.

Any ideas? Crash report enclosed.

Answered by DTS Engineer in 780379022

Main executable and bash startup script go here

I strongly recommend against using a script as your app’s main executable. That causes nothing but grief. See the TCC and Main Executables section of On File System Permissions for another pain point, and a link to my recommended alternative.

ps Your app is crashing due to an app sandbox inheritance issue, as discussed in Resolving App Sandbox Inheritance Problems. I suspect that fixing your main executable issue will also fix this problem but, if not, we can take about that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Main executable and bash startup script go here

I strongly recommend against using a script as your app’s main executable. That causes nothing but grief. See the TCC and Main Executables section of On File System Permissions for another pain point, and a link to my recommended alternative.

ps Your app is crashing due to an app sandbox inheritance issue, as discussed in Resolving App Sandbox Inheritance Problems. I suspect that fixing your main executable issue will also fix this problem but, if not, we can take about that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Ok, that was it!!! Thanks!

One more question before I close out this thread: Should I be able to debug Sandboxed applications using LLDB?

Right now, if I lldb the sandboxed app it dies instantly with:

error: process exited with status -1 (lost connection)

Thanks!

Sandboxed App crashes at Startup in _libsecinit_appsandbox.cold
 
 
Q