Hi,
I am modifying my legacy remote access vpn application to make use of NetworkExtension framework.
In order to achieve this I need my PacketTunnelProvider to exchange a few messages with a process running on the machine.
Note that this is a separate process, not the containing application.
I want this communication to happen over unix domain sockets. I have the right entitlements in place for my extension as well as the containing application.
</array>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>keychain-access-groups</key>
<array>
When my PacketTunnelProvider tries to connect and send data over the unix domain socket, I see the following errors in the console:
default 16:32:16.399061+0530 PacketTunnel Connect error: Operation not permitted
default 16:32:16.399117+0530 PacketTunnel Write error: Socket is not connected
error 16:32:16.439901+0530 sandboxd Sandbox: PacketTunnel(975) deny(1) network-outbound /Users/sumsum/socktes/msgsock
Violation: deny(1) network-outbound /Users/sumsum/socktes/msgsock
Can someone please let me know if I am missing something here? Is there any issue in app sandboxing that I am hitting?
Thank You.
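As an added example (not code from the original post or from Apple): the pattern in the log above, "Connect error" immediately followed by "Write error: Socket is not connected", is what you get when the write is attempted even though connect() already failed. The client below connects to a UNIX domain socket, stops at the first failure, and turns the connect errno into a short hint, so an EPERM from a sandbox denial is recognizable at a glance. The socket path is a constructed placeholder, and the listener is included only so the example runs stand-alone; the function names are my own.

```c
// Added example, not from the original post or from Apple.
// Minimal UNIX domain socket client that checks connect() before writing
// and maps errno to a diagnostic hint. The path is a constructed placeholder.
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Connect to the UNIX domain socket at `path`.
 * Returns a connected fd (>= 0) on success, or -errno on failure. */
int uds_connect(const char *path) {
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -ENAMETOOLONG;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        int err = errno;   /* save before close() can overwrite it */
        close(fd);
        return -err;
    }
    return fd;
}

/* Write the whole buffer; returns bytes written or -errno. */
ssize_t uds_send_all(int fd, const void *buf, size_t len) {
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, (const char *)buf + done, len - done);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -errno;
        }
        done += (size_t)n;
    }
    return (ssize_t)done;
}

/* Map a connect() errno to a hint. EPERM from a sandboxed process lines up
 * with the sandboxd "deny network-outbound <path>" line in the post above. */
const char *uds_connect_hint(int err) {
    switch (err) {
    case EPERM:        return "EPERM: sandbox denied network-outbound to this path";
    case ENOENT:       return "ENOENT: no socket file at this path (is the server running?)";
    case ECONNREFUSED: return "ECONNREFUSED: socket file exists but nobody is listening";
    case EACCES:       return "EACCES: filesystem permissions on the socket path";
    default:           return strerror(err);
    }
}

/* Listener used only so the example can run on its own. Returns fd or -errno. */
int uds_listen(const char *path) {
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -ENAMETOOLONG;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
    unlink(path);  /* clear a stale socket file from an earlier run */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 || listen(fd, 1) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

int main(void) {
    const char *path = "/tmp/uds_example_msgsock";  /* constructed placeholder path */
    int srv = uds_listen(path);
    if (srv < 0) { fprintf(stderr, "listen: %s\n", strerror(-srv)); return 1; }
    int fd = uds_connect(path);
    if (fd < 0) {
        /* Stop here: a write() now would only add "Socket is not connected". */
        fprintf(stderr, "Connect error: %s\n", uds_connect_hint(-fd));
        close(srv); unlink(path);
        return 1;
    }
    const char msg[] = "hello";
    ssize_t n = uds_send_all(fd, msg, sizeof msg - 1);
    printf("sent %zd bytes\n", n);
    close(fd); close(srv); unlink(path);
    return 0;
}
```

Logging the hint from uds_connect_hint() next to the sandboxd line makes the two halves of the failure easy to correlate: the process sees EPERM, and sandboxd records which path the network-outbound rule refused.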
Wow, UNIX domain sockets are all the rage these days (-: I answered more-or-less the same question about a week ago. Check out this post.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"