1

I've got a configuration folder in the root of the user directory. For example, ~/.ztool and there is a file named status in this folder which can be created, updated or deleted and it is important to know the status of this file. Existing command-line tools use and modify this status file. I've created code which monitors the folder and file but I think the Sandbox security on the Mac is causing the DispatchSource to miss key events. For entitlements I have had to add the following to the entitlements file.

<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<array>
<string>/.ztool</string>
<string>/.ztool/status</string>
</array>

My understanding is that if I use DispatchSource for the makeFileSystemObjectSource function to monitor the folder it should handle events related to any changes to files in this folder. It appears that is not happening. I can instead directly monitor the file for changes, but if it is deleted that monitor will not work. I have found that if the file does not exist and the DispatchSource is monitoring the folder that it does handle an event when the file is created. What I'd like to know is if there is a way to configure the entitlements to allow for using DispatchSource to monitor file changes in the folder. Or will it be necessary to monitor the folder until the file is created and then change the DispatchSource to monitor the file?

What I may have to do is start and cancel 2 monitors if I cannot just use the directory monitor. I've shared the code as a Gist on GitHub. It is linked below.

mahal tertin
  • 3,239
  • 24
  • 41
Brennan
  • 11,546
  • 16
  • 64
  • 86
  • FSEvents and sandboxing are both quite badly documented. Why would you sandbox this kind of app? As with the temporary-exception, you won't be able to submit to Mac App Store. – mahal tertin Oct 30 '20 at 10:41
  • You can monitor folders outside the sandbox with a security bookmarked URL. The user must permit the access (once) with an open dialog box. – vadian Oct 30 '20 at 10:47
  • It was not clear how to use bookmarks when I was looking into it. When the bookmark is first created does it prompt the user to grant access? For the moment this will be an app used internally so I will distribute it inside the company, so Mac App Store restrictions won't apply. I'd like to still learn how to do this properly for when I do want to release an app publicly. – Brennan Oct 30 '20 at 22:15
  • Yes, in a sandbox environment you have to ask the user for permission to access each location outside the container. If you are not going to publish the app in the App Store you can disable the sandbox. – vadian Nov 01 '20 at 11:05
  • @vadian How do you ask for permission? I understand one option is to use the file picker UI which can provide a bookwork URL, but with this dot path at root I feel like that could be difficult to select for most users. I'd like to request permissions to a specific path, either on install or at first launch. – Brennan Nov 10 '20 at 19:12
  • As I said in my first comment, the user must select the folder with `NSOpenPanel`. You cannot *automate* this. – vadian Nov 10 '20 at 19:21

0 Answers0