We have a daemon that is launched by launchd, always running in the background and running as root. The daemon is installed to
To reduce its attack surface we want to move some functionality into another helper process. It doesn't have to be running as root, but since the client (the LaunchDaemon) is running as root and in the launchd context, we created another LaunchDaemon that is launched on-demand and uses the MachService key to advertise its Mach service. It is also installed to
The sandboxed daemon has little functionality in it, and its entitlements are just com.apple.security.app-sandbox. We use NSXPC to communicate between the non-sandboxed daemon and the sandboxed daemon. The sandboxed helper daemon launches as expected.
However, the sandboxed application exits immediately on 10.14 with the following crash:
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Illegal instruction: 4
Termination Reason: Namespace SIGNAL, Code 0x4
Terminating Process: exc handler

External Modification Warnings:
Debugger attached to process.

Application Specific Information:
dyld: launch, running initializers
/usr/lib/libSystem.B.dylib
Sandbox registration internal error: Incoming message euid:1 does not match secinitd uid:0.

Application Specific Signatures:
Internal error: Incoming message euid:1 does not match secinitd uid:0.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_secinit.dylib 0x00007fff5b6e6b2a _libsecinit_setup_secinitd_client + 1929
1 libsystem_secinit.dylib 0x00007fff5b6e6340 _libsecinit_initialize_once + 13
2 libdispatch.dylib 0x00007fff5b49e63d _dispatch_client_callout + 8
3 libdispatch.dylib 0x00007fff5b49fd4c _dispatch_once_callout + 20
4 libsystem_secinit.dylib 0x00007fff5b6e6331 _libsecinit_initializer + 79
5 libSystem.B.dylib 0x00007fff582b09d4 libSystem_initializer + 136
6 dyld 0x0000000108408592 ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 506
If we remove the entitlements from the sandboxed helper, thus making it non-sandboxed, it works fine, but this is obviously not the intent.
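The two property lists the post describes (the helper's on-demand LaunchDaemon plist advertising a Mach service, and the helper's entitlements) can be modelled and sanity-checked before installation. The example below is added here and is not code from the post; the label, program path and service name are constructed placeholders, the launchd keys used (Label, Program, MachServices, RunAtLoad, UserName) are standard launchd.plist keys, and the lint only flags the combination the post reports as crashing (app-sandbox entitlement on a LaunchDaemon that launchd would start as root); it does not claim to be the fix.

```python
"""Added example (not from the original post): build the helper's LaunchDaemon
plist and entitlements plist with plistlib, and lint the pair for the
configuration that aborted in libsystem_secinit in the crash log above."""
import plistlib

SANDBOX_ENTITLEMENT = "com.apple.security.app-sandbox"  # entitlement named in the post

# Constructed sample LaunchDaemon plist for the on-demand helper. No RunAtLoad:
# launchd starts the helper when an XPC client contacts the advertised service.
HELPER_LAUNCHD_PLIST = {
    "Label": "com.example.helper",                                   # placeholder label
    "Program": "/Library/PrivilegedHelperTools/com.example.helper",  # placeholder path
    "MachServices": {"com.example.helper": True},                    # placeholder service
}

# Constructed sample entitlements: only the App Sandbox, as in the post.
HELPER_ENTITLEMENTS = {SANDBOX_ENTITLEMENT: True}


def to_plist_xml(data: dict) -> bytes:
    """Serialize a dict to the XML plist form that would be written to disk."""
    return plistlib.dumps(data, fmt=plistlib.FMT_XML)


def load_plist(raw: bytes) -> dict:
    """Parse a plist (XML or binary) back into a dict, e.g. one read from disk."""
    return plistlib.loads(raw)


def lint_helper_config(launchd_plist: dict, entitlements: dict,
                       daemon_domain: bool = True) -> list:
    """Return a list of findings for a LaunchDaemon helper that is meant to be
    sandboxed and launched on demand for XPC clients.

    daemon_domain=True means the plist is installed as a LaunchDaemon (system
    domain), where launchd runs the job as root unless UserName is set."""
    findings = []
    sandboxed = bool(entitlements.get(SANDBOX_ENTITLEMENT))

    # Without MachServices launchd cannot start the helper on demand for XPC.
    if not launchd_plist.get("MachServices"):
        findings.append("no MachServices key: launchd cannot start the helper "
                        "on demand when an XPC client connects")

    # The combination reported in the post: App Sandbox entitlement on a job
    # that launchd will start as root (system domain, no UserName key).
    runs_as_root = daemon_domain and "UserName" not in launchd_plist
    if sandboxed and runs_as_root:
        findings.append("app-sandbox entitlement on a LaunchDaemon with no "
                        "UserName key: launchd starts the sandboxed helper as "
                        "root, the setup that aborted in libsystem_secinit")

    # A helper meant to be on demand should not be kept resident.
    if launchd_plist.get("RunAtLoad"):
        findings.append("RunAtLoad set: helper stays resident instead of being "
                        "launched on demand, which widens its exposure")
    return findings


if __name__ == "__main__":
    # Round-trip through the on-disk XML form, then lint the constructed pair.
    reloaded = load_plist(to_plist_xml(HELPER_LAUNCHD_PLIST))
    for finding in lint_helper_config(reloaded, HELPER_ENTITLEMENTS):
        print("finding:", finding)
```

The lint runs on any machine, since plistlib is part of the Python standard library; on a Mac the same functions can be pointed at the installed plist files by reading them with load_plist.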