简体繁体 English

Mac应用程序沙箱和forkpty（）

[英]Mac app sandboxing and forkpty()

原文 2012-02-19 22:31:08 7 1 objective-c/ c/ cocoa/ sandbox/ appstore-sandbox

I'm looking to sandbox an app to comply with the March 1st sandboxing requirement of the Mac App Store. 我希望对应用进行沙箱处理，以符合Mac App Store 3月1日的沙箱要求。 My app includes a built-in terminal emulator which utilizes a forkpty() call to launch processes in a pseudo-tty environment. 我的应用程序包含一个内置的终端仿真器，该仿真器使用forkpty()调用在伪tty环境中启动进程。 Unfortunately, this call fails under the sandbox with the error "Operation not permitted", although the fork() call works just fine. 不幸的是，尽管fork()调用工作得很好，但此调用在沙箱下失败，并显示错误“不允许操作”。 Presumably the forkpty() call requires read/write access to the /dev/ directory to create a pseudo-tty (according to the man page). 大概forkpty()调用需要对/ dev /目录的读/写访问权限才能创建伪tty（根据手册页）。 I've tried adding a temporary sandboxing entitlement (com.apple.security.temporary-exception.files.absolute-path.read-write) with read/write access to /, and I now can indeed read and write files anywhere on the file system, but the forkpty() call still fails with the same error. 我尝试添加具有对/的读/写访问权限的临时沙盒授权（com.apple.security.temporary-exception.files.absolute-path.read-write），现在我确实可以在文件系统，但是forkpty()调用仍然失败，并显示相同的错误。 Does anyone know how I might get forkpty() to work under the sandbox? 有谁知道我如何让forkpty()在沙盒下工作？

My app is a programming text editor with a built-in terminal emulator and file browser, so it essentially needs to have access to the entire file system. 我的应用程序是带有内置终端仿真器和文件浏览器的编程文本编辑器，因此从本质上讲，它需要访问整个文件系统。 Apart from the forkpty() problem, this temporary entitlement seems to do what I need. 除了forkpty()问题，这种临时权利似乎forkpty()我的需求。 But will Apple accept an app with such a loosely defined temporary exception entitlement? 但是，Apple是否会接受具有如此宽松的临时例外权利的应用程序？

Thanks in advance guys. 在此先感谢大家。 I really hope I can get this sandboxing up and running so I continue to distribute my app through the App Store. 我真的希望我可以启动并运行此沙箱，因此我将继续通过App Store分发我的应用程序。