2

I'm a bit confused about sandboxing an application that uses a command-line tool (ffmpeg). I won't mention his name, but I read at least two topics at Apple's Developer Forums where an Apple person suggests that the application requires the com.apple.security.inherit entitlement. This topic here also suggests that you need com.apple.security.inherit. Do I need it if I use ffmpeg through NSTask? My application crashes as long as this entitlement stays. If I remove it, the application starts up. If I take a close look at what Apple person says, the com.apple.security.inherit entitlement may be required if embedded tools are run directly from the application. It doesn't sound like that count ones through NSTask.

Meanwhile, this topic here suggets that I need to codesign the command-line tool inside the package. In this regard, I see consistency that I need to codesign the command-line tool with the entitlement file. But I'm not sure.

Life has become very confusing these days.

Thank you for your confirmation.

Community
  • 1
  • 1
El Tomato
  • 6,479
  • 6
  • 46
  • 75
  • By the way, the crash report says the following with inherit: XPC "domain creation failed: Process is not in an inherited sandbox" – El Tomato May 31 '13 at 13:57
  • 1
    com.apple.security.inherit is supposed to be applied to the command line process you're executing, not the app that is calling it. See docs: http://developer.apple.com/library/ios/#documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html – escrafford May 31 '13 at 16:17
  • Oh, I now understand what you mean. So the command-line tool must have a separate entitlement sheet. Thanks a lot. – El Tomato May 31 '13 at 18:24

0 Answers0