Sandboxed App crashes at Startup in _libsecinit_appsandbox.cold

Hi,

I've an OSX app packages up outside of XCode (because it's based on a legacy cross-platform build system). The layout looks like this:

App App/Contents <- info.plist is here App/Contents/Frameworks <- Dylibs go here App/Contents/MacOS <- Main executable and bash startup script go here App/Contents/Resources <- Non-executable resources.

There are no helper apps, etc that I know of.

info.plist, the Frameworks, Main Executable and App are all signed. The Main Executable includes entitlements with the sandbox entitlements.

On startup, we crash in the usual Sandbox place:

0   libsystem_secinit.dylib       	    0x7ff811fcc2a5 _libsecinit_appsandbox.cold.9 + 49
1   libsystem_secinit.dylib       	    0x7ff811fcb636 _libsecinit_appsandbox + 1749
2   libsystem_trace.dylib         	    0x7ff8044029e9 _os_activity_initiate_impl + 50
3   libsystem_secinit.dylib       	    0x7ff811fcaf20 _libsecinit_initializer + 67
4   libSystem.B.dylib             	    0x7ff811fe08a1 libSystem_initializer + 292
5   dyld                          	       0x20905939f invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 185

(Even though I'm not signing the bash startup script, which invokes the main executable, it's still getting signed and has entitlements. And I'm not using --deep.

I've tried setting com.apple.security.inherit - that didn't work. I've tried explicitly signing the bash startup script - that didn't work.

It fails not matter how I start the app - by clicking on it, command line, just launching the main executable via the command line, and of course using LLDB.

Any ideas? Crash report enclosed.