Run IBTool from within Sandboxed App

Hi,


I want my app to be able to run /usr/bin/ibtool.


However when my app is sandboxed, it won't allow me to run it.


Does anyone know what entitlement I need to give my app so that I can run ibtool - from within my app?


Thanks!


Chris

Answered by DTS Engineer in 89866022

xcrun: error: cannot be used within an App Sandbox.

Or modern systems

/usr/bin/ibtool
is a trampoline that uses
xcrun
to find your preferred version of Xcode (the one selected via xcode-select) and launch the
ibtool
from there.
xcrun
doesn’t like running in the sandbox, and so you get this error.

The solution is to ask your user to select their preferred version of Xcode and then run

ibtool
from within that. You may run into other problems down the pike, but this will be enough to
ibtool
actually launching.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

However when my app is sandboxed, it won't allow me to run it.

What message do you get?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

xcrun: error: cannot be used within an App Sandbox.


With this code:


let task:NSTask = NSTask()
task.launchPath = "/usr/bin/ibtool"
task.arguments = ["--compile", modifiedPath, modifiedPath]
      
let pipe = NSPipe()
task.standardOutput = pipe
task.launch()
      
let data = pipe.fileHandleForReading.readDataToEndOfFile()
let output = NSString(data: data, encoding: NSUTF8StringEncoding)
Accepted Answer

xcrun: error: cannot be used within an App Sandbox.

Or modern systems

/usr/bin/ibtool
is a trampoline that uses
xcrun
to find your preferred version of Xcode (the one selected via xcode-select) and launch the
ibtool
from there.
xcrun
doesn’t like running in the sandbox, and so you get this error.

The solution is to ask your user to select their preferred version of Xcode and then run

ibtool
from within that. You may run into other problems down the pike, but this will be enough to
ibtool
actually launching.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi there,


I am really new to this whole thing, and don't exactly know what I am doing honestly. How do I go about setting a prefered version of Xcode? I am trying to run a python script within a 3rd party IDE and continue to get the error "xcrun: error: cannot be used within an App Sandbox.". It is a Python3 script so I thought by installing Python3 it would do it but it doesn't.


Would you mind helping me out please? Thanks 🙂


Jordan

Hello, I am trying to run "xcrun simctl ..." commands in a App Sandboxed app but I am getting errors like:
Code Block
Couldn't posix_spawn: error 13


I let the user select the Xcode.app path but I really don't know what to do after that.
Any help?

Hello, I am trying to run "xcrun simctl ..." commands in a App Sandboxed app but I am getting errors like: I let the user select the Xcode.app path but I really don't know what to do after that.

You can't run that tool in the sandbox. Sorry.


I am pretty sure it's possible. I have some apps downloaded from the App Store that do some things that are available only with that command.

I am pretty sure it's possible. I have some apps downloaded from the App Store that do some things that are available only with that command.

It is virtually always a bad idea to make plans based on what you see some other apps are doing, or appear to do. Maybe they are doing something else. Maybe they were grandfathered in. Maybe they know people at Apple and got one of those golden temporary entitlements.

I have a tool that runs other tools within the App Sandbox. When I run "xcrun simctl --help", I get the following:

xcrun: error: cannot be used within an App Sandbox.

That sounds pretty definitive to me.

When I run xcrun simctl --help, I get the following:

xcrun: error: cannot be used within an App Sandbox.

That sounds pretty definitive to me.

That message is coming from xcrun, not simctl. xcrun has a general guard against it being run from within the App Sandbox. You can bypass that by running the target tool directly from Xcode.

Whether you should do that is another matter. In some cases I think that’s pretty reasonable. For example, otool is a pretty simple program and I wouldn’t have any qualms about running it from a sandboxed app. In other cases there’s a lot more risk. In this specific case, simctl is a very complex ***** and I’d be quite concerned about the compatibility risks associated with running it from within the App Sandbox.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
* laugh *

The redact word in my previous post was b_e_a_s_t (-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
@ekismo Would you please provide me some more information on how to solve the issue?

I am building this in SwiftUI, I let the user select the Xcode.app file this way:

Code Block do {
switch result {
case.success(let urls):
guard
let url = urls.first
else {
return
}
let bookmarkData =
try url.bookmarkData(options: .withSecurityScope, includingResourceValuesForKeys: nil, relativeTo: nil)
var isState = false
let newURL =
try URL(resolvingBookmarkData: bookmarkData, options: .withSecurityScope, relativeTo: nil, bookmarkDataIsStale: & isState)
_ = newURL.startAccessingSecurityScopedResource()
getDeviceList( in: newURL)
case.failure(let error):
print("There was a problem selecting the file - \(error)")
}
} catch {
print("Unable to read file contents")
print(error.localizedDescription)
}



And in getDeviceList I am running this task:

Code Block func getDeviceList(in xcodeURL: URL) {
let task = Process()
task.launchPath = xcodeURL.path
task.arguments = [
"xcrun simctl list devices"
]
let pipe = Pipe()
task.standardOutput = pipe
task.launch()
let data = pipe.fileHandleForReading.readDataToEndOfFile()
if let string = String(data: data, encoding: String.Encoding.utf8) {
print(string)
}
}



But as I keep getting the error:

caught non-fatal NSInternalInconsistencyException 'Couldn't posix_spawn: error 13'


Where am i going wrong?

Would you please provide me some more information on how to solve the
issue?

No, sorry. Earlier I wrote “I’d be quite concerned about the compatibility risks associated with running [simctl] from within the App Sandbox” and I’m not going to help you go down a path that may eventually run off the end of a cliff.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Thank you for the reply Eskimo.
I understand your point, I’m just trying to run a command and then I will figure it out. The issue is with launching the first command, and I’m probably doin something wrong from start.


@jaespeaks, I'm running into the same issue with python3, which is more concerning now that Monterey displays a warning for apps that use Python 2.7.

I'm running into the same issue with python3

If your app relies on Python my advice is that you bundle a copy of Python in the app. This is based on the Scripting Language Runtimes note in the macOS Catalina 10.15 Release Notes.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Run IBTool from within Sandboxed App
 
 
Q