Can't disable App Sandbox

My Xcode workspace contains build settings for a macOS, iOS, and tvOS application.

My Sandbox macOS app builds just fine and works great - and is on the App Store.

I am in the process of creating a new build / branch of this app that is not Sandboxed so that I can add IPC (Syphon support) - as I don't think I can use App Groups to enable CFMessage support (which Syphon requires) because Syphon (third party framework) - uses its own naming convention for the ports.

Anyway, sandbox support for a Syphon app is a topic for another day (it's actually quite disappointing that I can't release a Syphon version on the App Store).

The trouble I am having is that even after deleting the App Sandbox entitlement from my project, my App still seems to be running in the App Sandbox, and I can't figure out how to remove the App Sandbox entitlement completely.

What I am seeing is that even after deleting the App Sandbox entitlement (using the project settings and deleting it in the "Signing and Capabilities" tab, and also checking the entitlements file manually to doubly make sure it is gone), I am still seeing the following error message:

*** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x8703, name = 'info.v002.Syphon.332143F7-0916-428A-A88A-59B752F95304' See /usr/include/servers/bootstrap_defs.h for the error codes.

It is also saving my Application Support data in the ~/Library/Containers folder, and not in ~/Library/ApplicationSupport

What step am I missing?

Answered by EulerDev in 788288022

It’s not clear, but the first step is to check that your Xcode changes are actually being reflected in the built binary. Do this:

  1. Build the non-sandboxed version of your app.

  2. Choose Product > Copy Build Folder Path.

  3. Use that to run the following command in Terminal:

% codesign -d --entitlements - /path/to/your.app

What do you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Here is the output of codesign -d --entitlements:

[Dict]
	[Key] com.apple.application-identifier
	[Value]
		[String] R6FVYGV9JW.com.alloneword.macOS.Euler
	[Key] com.apple.developer.icloud-container-identifiers
	[Value]
		[Array]
			[String] iCloud.com.alloneword.eulervs
	[Key] com.apple.developer.icloud-services
	[Value]
		[Array]
			[String] CloudKit
	[Key] com.apple.developer.team-identifier
	[Value]
		[String] R6FVYGV9JW
	[Key] com.apple.security.app-sandbox
	[Value]
		[Bool] true
	[Key] com.apple.security.files.user-selected.read-write
	[Value]
		[Bool] true
	[Key] com.apple.security.get-task-allow
	[Value]
		[Bool] true

Oh, and just for clarity, here is info on my developer machine:

  • MacBook Pro: M1 Max
  • Xcode: Version 15.3 (15E204a)
  • macOS: Sonoma 14.4.1

Here is the output of codesign -d --entitlements:

Thanks. Note the presence of the com.apple.security.app-sandbox entitlement. That confirms that the sandbox is enabled. I’m not sure what’s going on with your project to build it this way, but the presence of that entitlement explains the runtime behaviour you’re seeing.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
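
The check Quinn describes, as an added example that is not part of the original thread: a POSIX shell helper that reads a `codesign -d --entitlements -` dump in the format shown above and reports whether `com.apple.security.app-sandbox` is true, so a build that is meant to be unsandboxed can be gated on it. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Real use on a Mac (codesign writes its other details to stderr):
#   codesign -d --entitlements - /path/to/your.app 2>/dev/null | expect_sandbox not-sandboxed

# Flatten the "[Key] / [Value] / [Bool]" dump on stdin into key=value lines.
# Array items become repeated lines for the same key.
flatten_entitlements() {
    awk '{
        line = $0; sub(/^[ \t]*/, "", line)
        if (line !~ /^\[[A-Za-z]+\]/) next
        tag = line; sub(/\].*/, "", tag); sub(/^\[/, "", tag)
        val = line; sub(/^\[[A-Za-z]+\][ \t]*/, "", val)
        if (tag == "Key") { key = val; next }
        if (tag == "Dict" || tag == "Array" || tag == "Value") next
        if (key != "") print key "=" val
    }'
}

# Print "sandboxed" only when the entitlement is present AND true.
sandbox_state() {
    if flatten_entitlements | grep -qxF 'com.apple.security.app-sandbox=true'
    then echo sandboxed; else echo not-sandboxed; fi
}

# Build gate: succeeds only if the dump on stdin matches the expected state ($1).
expect_sandbox() {
    actual=$(sandbox_state)
    [ "$actual" = "$1" ] || { echo "expected $1, got $actual" >&2; return 1; }
}

# Constructed sample dump; $1 is the value of the sandbox entitlement.
sample_dump() {
    cat <<EOF
[Dict]
    [Key] com.apple.developer.icloud-services
    [Value]
        [Array]
            [String] CloudKit
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] $1
EOF
}

echo "entitlement true:  $(sample_dump true | sandbox_state)"
echo "entitlement false: $(sample_dump false | sandbox_state)"
```

Running the gate against the built product, rather than against the entitlements file in the project, is what catches the case in this thread where the two disagree.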

Accepted Answer

That confirms that the sandbox is enabled. I’m not sure what’s going on with your project to build it this way, but the presence of that entitlement explains the runtime behaviour you’re seeing.

Yes, I saw that.

Anyway, I think it might be an Xcode bug. I looked through the build settings, and in the CodeSigning section of the Build Settings, the Enable App Sandbox setting was set to true, even though I had deleted that Entitlement in the Signing & Capabilities project tab. After setting the build setting of "Enable App Sandbox" to No - it is no longer building as a Sandbox App, and export of the Metal Texture is working perfectly.

Cheers

Hi Quinn, now that the weird build issue is resolved (though I'm still not sure how I got into that state) - do you have any suggestions / examples of how to use CFMessage ports in a Sandbox App other than the App Group naming convention (I can't change the port naming convention, as it is a long established naming convention of Syphon, which is supported by hundreds of video apps)?

I have a sample (non sandboxed) app that simply publishes SpriteKit frames to a Syphon Server instance. Is there any way possible to do this in a Sandbox App?

Sample Project

Regarding your sandbox issue, there are a lot of degrees of freedom within an Xcode project, so it’s hard to say whether it’s a bug or whether you just hit some wacky edge case. Regardless, you got it sorted, and that’s good enough for me (-:

do you have any suggestions / examples of how to use CFMessage ports in a Sandbox App other than the App Group naming convention

Sure. Put your new question in a new thread and I’ll respond there. Tag it with App Sandbox and Inter-process communication so that I see it.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
