With the RC version of macOS 26, an issue persists when you try to create a bookmark with security scope for the root folder "/". This leads to an error "The file couldn’t be opened.". However, you can create bookmark for /Applications, /System, /Users...
This is quite annoying for one of my app because a user can create a cartography of his disk usage, and the access to the root folder "/" is the only way to do so!
Is there a workaround?
PS: reported the issue with ID FB20186406
let openPanel = NSOpenPanel()
openPanel.canChooseDirectories = true
openPanel.canChooseFiles = false
openPanel.beginSheetModal(for: self.view.window!) { (result) in
guard result == .OK, let folderURL = openPanel.url else {
return
}
openPanel.close()
do {
let data = try folderURL.bookmarkData(options: .withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil)
print("Bookmark data was created for \(folderURL.path)")
} catch (let error) {
print("Error creating bookmark for \(folderURL.path), with error: \(error.localizedDescription)")
}
}
With the RC version of macOS 26, an issue persists when you try to create a bookmark with security scope for the root folder "/". This leads to an error "The file couldn’t be opened.".
Yes. This is a known issue (r.157722315) that was introduced as part of fixing a bookmark-related security bug (r.151029665). Note that it affects the root directory of all file systems, not just "/". Fixing the issue is a very high priority, but it probably won't be possible to fix it for 26.0.
However, you can create bookmarks for /Applications, /System, /Users...
Yes. The issue is specifically tied to the root directory of the file system, which is why those other directories work fine.
This is quite annoying for one of my apps because a user can create a cartography of his disk usage, and the access to the root folder "/" is the only way to do so! Is there a workaround?
It won't be perfect, but I think this would work, at least for "/". To start with:
-
Have the user select "/" as usual.
-
Create a security-scoped bookmark for every object in "/".
Then, for future app runs:
-
Resolve your bookmarks from #2 as usual.
-
Directly read the contents of "/" (without asking the user)*, then compare those contents with #1.
-
If 1 & 2 agree, then the contents haven't changed, and you can work with those subdirectories as usual.
-
If 1 & 2 disagree, then tell the user they need to select "/" again and start the process all over again.
In practice, I think the contents of "/" are stable enough** that you'll rarely, if ever, need to do #4, so for most users, this will "just work".
*This (#2) works because the app sandbox actually has an extension that gives you read access to "/". Your app can't read below "/", but it can read the contents of "/" without user approval. Unfortunately, this also means that this won't work on other volumes.
__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
