This afternoon I started working on turningÂ MoneyWell for Mac into a sandboxed application for our next major release. I watched the intro videos, checked the appropriate checkboxes in Xcode, ranÂ MoneyWell, checked Activity Monitor and saw…
Well crap. After a bit of unsuccessful searching on the Apple Dev Forums I did some testing withÂ Kevin Hoctor and discovered that the Release configuration ofÂ MoneyWell was properly sandboxed. The only significant difference between the Release and Debug configurations was that one was code signed and one was not. Once we enabled code signing for the Debug configurationÂ MoneyWell launched as a sandboxed app.
I asked on Twitter,
Is it common knowledge that an app that is not code signed will run in non-sandboxed mode even with sandboxing enabled?
Both Brian Webster and Jim Correia got back to me:
@bwebster:Â That does make sense, since it is the code sign tool that’s used to encode the sandbox entitlements when building.
@jimcorreia:Â The app-sandbox is an entitlement. Entitlements are embedded in the code signature.
Hopefully this helps you out if you find that your sandboxed app is showing up as not sandboxed.This entry was posted in Cocoa.