Error `sandbox_extension_issue_file` when resolving security-scoped bookmark of file under `/System/Volumes/Data/...`
I'm getting a `sandbox_extension_issue_file` error [1: Operation not permitted] from ScopedBookmarkAgent while trying to resolve a successfully created security-scoped bookmark via `URL(resolvingBookmarkData:options:relativeTo:bookmarkDataIsStale:)` which then produces the error:

`Error Domain=NSCocoaErrorDomain Code=256 "Couldn't issue sandbox extension for the resolved URL"`

The error only occurs for files under a dedicated folder `/System/Volumes/Data/Test` and not for files and folders under, e.g., `/Users/...`

From what I understand, everything at `/System/Volumes/Data/` and below should be accessible for the user. I've made sure that the Test folder has read and write permissions for the current user and changed ownership of the folder to `username:staff`, where `username` denotes my local user name.

This happens both under macOS Big Sur 11.6.2 and macOS Monterey 12.1.

Any help is much appreciated!

Replies: 13 | Boosts: 0 | Views: 3k | Activity: Jan ’22
Sandbox issue when accessing renamed temporary file on external FAT32 thumb drives
I'm developing a macOS app where users load files from all kinds of internal and external volumes for editing. Whenever the user loads a folder, I'm keeping a secure bookmark internally and use this in combination with `startAccessingSecurityScopedResource()` and `stopAccessingSecurityScopedResource()`.

This works fine most of the time. However, there is one situation where it doesn't work as expected and this is when the following conditions are met:

- The file in question is on an external FAT32 thumb drive
- The editing process requires a temporary file

Writing to the temporary file works without problems, as well as atomically replacing the original file via POSIX `rename()` (this is from C++). However, each subsequent read access to the file fails due to a sandboxing error:

`NSUnderlyingError=0x600003cf1e00 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}`

`System Policy: deny(1) file-read-data /Volumes/...`

The sandboxd metadata shows `"storage-class":"TemporaryItems"` which might be related.

Any help is much appreciated!

Replies: 4 | Boosts: 0 | Views: 1.2k | Activity: Mar ’21