Question

I am trying to sandbox my OS X app.

My app uses NSTask to create an SSH tunnel.

I have allowed the com.apple.security.network.client and com.apple.security.network.server entitlements, and still I get a network-outbound error when creating the tunnel.

The error is as follows:

25/07/12 18:26:02,488 sandboxd[10677]: ([10676]) ssh(10676) deny network-outbound /private/tmp/launch-1nsmBH/Listeners

The report doesn't show any relevant information:

ssh(10676) deny network-outbound /private/tmp/launch-1nsmBH/Listeners

Process:         ssh [10676]
Path:            /usr/bin/ssh
Load Address:    0x100000000
Identifier:      ssh
Version:         ??? (???)
Code Type:       x86_64 (Native)
Parent Process:  SSH Tunnlr [10604]

Date/Time:       2012-07-25 18:26:02.482 +0100
OS Version:      Mac OS X 10.8 (12A269)
Report Version:  8

Thread 0:
0   libsystem_kernel.dylib          0x00007fff9064fa86 __connect + 10
1   ssh                             0x0000000100017251
2   ssh                             0x00000001000140ec
3   ssh                             0x0000000100011722
4   ssh                             0x000000010000e3ff
5   libdyld.dylib                   0x00007fff90d837e1 start + 0

Binary Images:
   0x100000000 -        0x10004eff7  ssh (175) <97628AED-06A6-3407-9787-148A2FF59925> /usr/bin/ssh
0x7fff9063e000 -     0x7fff90659ff7  libsystem_kernel.dylib (2050.7.9) <E0447BF5-E104-35B0-B28B-4156887D58F1> /usr/lib/system/libsystem_kernel.dylib
0x7fff90d81000 -     0x7fff90d84ff7  libdyld.dylib (210.2.3) <F59367C9-C110-382B-A695-9035A6DD387E> /usr/lib/system/libdyld.dylib

For the record, here is my entitlements plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
<array>
    <string>com.apple.ssh</string>
    <string>com.apple.sshd</string>
</array>
</dict>
</plist>

A hand here would be very, very helpful.

Thanks in advance.

Solution

Never mind. That console error was misguiding me. Even though it is erroring out, it works.
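
For triaging sandboxd denials like the one quoted in the question, here is an added example (not part of the original post) that parses the deny line and separates a denied connect() to a filesystem path, which is a local Unix-domain socket, from a denied connection to a network endpoint. The line shape is taken from the question's log; the classification rule (a target beginning with "/" is a socket path) and every sample line after the first are assumptions constructed for illustration.

```python
import re

# Line shape as it appears in the question's console log:
#   <timestamp> sandboxd[<pid>]: ([<pid>]) <process>(<pid>) deny <operation> <target>
DENY_RE = re.compile(
    r"sandboxd\[\d+\]: \(\[\d+\]\) (?P<proc>.+?)\((?P<pid>\d+)\) "
    r"deny (?P<op>\S+)(?: (?P<target>.*))?$"
)

def classify(op, target):
    """Assumed rule: a network-* denial whose target is a path is a local socket."""
    if not op.startswith("network-"):
        return "other"
    return "unix-socket" if target.startswith("/") else "network-endpoint"

def parse_deny(line):
    """Return a dict describing one sandboxd deny line, or None for other lines."""
    m = DENY_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["target"] = rec["target"] or ""
    rec["kind"] = classify(rec["op"], rec["target"])
    return rec

def summarize(lines):
    """Count denials per (process, operation, kind) so repeated noise is easy to spot."""
    counts = {}
    for line in lines:
        rec = parse_deny(line)
        if rec is not None:
            key = (rec["proc"], rec["op"], rec["kind"])
            counts[key] = counts.get(key, 0) + 1
    return counts

SAMPLE_LINES = [
    # First line is the one quoted in the question; the rest are constructed.
    "25/07/12 18:26:02,488 sandboxd[10677]: ([10676]) ssh(10676) deny network-outbound /private/tmp/launch-1nsmBH/Listeners",
    "25/07/12 18:26:05,101 sandboxd[10677]: ([10680]) ssh(10680) deny network-outbound 192.0.2.10:22",
    "25/07/12 18:26:06,310 sandboxd[10677]: ([10680]) ssh(10680) deny file-read-data /Users/example/.ssh/config",
    "25/07/12 18:26:07,000 kernel[0]: unrelated message",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LINES).items()):
        print(n, *key)
```

A "unix-socket" result means the denied connect() was aimed at a local socket file rather than at the remote host, so it should be judged separately from whether the tunnel's own TCP connection was allowed.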

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow