应用程序沙盒:Python从沙箱中移出

时间:2015-12-22 16:21:22

标签: python macos sandbox

我正在编写一个将文件作为输入的Mac应用程序,让用户进行元数据操作,然后将文件发送到Python脚本来处理输出。没有沙盒,这非常有效。与所有东西一样,沙盒使其变得困难。

NSBundle中嵌入的python库正在调用系统拥有的一些MimeTypes库,但这些库正在尝试打开/etc/apache2/mime.types,我不会这样做。 ; t在我的沙盒中,并且失败并出现错误:IOError: [Errno 1] Operation not permitted: '/etc/apache2/mime.types'

以下是我的权利:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
</dict>
</plist>

这是完整的追溯:

Traceback (most recent call last):
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/EditChaptersScript.py", line 3, in <module>
import eyed3        # ID3 Writer
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/eyed3/__init__.py", line 91, in <module>
from .utils.log import log
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/eyed3/utils/__init__.py", line 33, in <module>
_mime_types = mimetypes.MimeTypes()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 66, in __init__
init()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 358, in init
db.read(file)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 202, in read
with open(filename) as fp:
IOError: [Errno 1] Operation not permitted: '/etc/apache2/mime.types'

在此先感谢您的帮助,我非常希望能够在Mac App Store中分发此应用程序,但在这个问题上,我一直在抨击我的头脑。

编辑:我想也许我可以通过Temporary Exception Entitlements允许访问该文件/etc/apache2/mime.types。使用此更新的权利plist,它会以相同的错误退出:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
    <array>
        <string>/etc/apache2/mime.types</string>
    </array>
</dict>
</plist>

有趣的是,如果我使用绝对路径/,而不是/etc/apache2/mime.types,它可以工作,但苹果公司在Mac App Store中没有机会允许这样做!

1 个答案:

答案 0 :(得分:0)

发现了这个问题。 OS X中似乎存在一个问题,即/etc/设置权限,当它包含符号链接时!我已将其更改为/private/etc/,现在可以正常使用。

Thanks to this answer for helping me get to the answer.

编辑: Apple工程师表示这是一个适当的例外,并且关闭了我的雷达。如果您遇到同样的问题,请参考雷达:#24011257

相关问题
最新问题