应用沙盒:Python 走出沙盒
App Sandboxing: Python wandering out of the sandbox
我正在编写一个 Mac 应用程序,它将文件作为输入,让用户进行元数据操作,然后将文件发送到 Python 脚本以处理输出。这在没有沙盒的情况下非常有效。与所有事情一样,沙盒使其变得困难。
我在 NSBundle 中嵌入的 python 库正在调用系统拥有的一些 MimeTypes 库,但这些正在尝试打开 /etc/apache2/mime.types,这我的沙箱中没有,并且失败并出现错误:IOError: [Errno 1] Operation not permitted: '/etc/apache2/mime.types'.
这是我的权利:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
这里是完整的回溯:
Traceback (most recent call last):
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/EditChaptersScript.py", line 3, in <module>
import eyed3 # ID3 Writer
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/eyed3/__init__.py", line 91, in <module>
from .utils.log import log
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/eyed3/utils/__init__.py", line 33, in <module>
_mime_types = mimetypes.MimeTypes()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 66, in __init__
init()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 358, in init
db.read(file)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 202, in read
with open(filename) as fp:
IOError: [Errno 1] Operation not permitted: '/etc/apache2/mime.types'
预先感谢您的帮助,我真的很想能够在 Mac App Store 中分发此应用程序,但我一直在这个问题上碰壁。
编辑: 我想也许我可以允许访问文件,/etc/apache2/mime.types 到 Temporary Exception Entitlements。使用此更新后的权利 plist,它会以相同的错误退出:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
<array>
<string>/etc/apache2/mime.types</string>
</array>
</dict>
</plist>
有趣的是,如果我使用绝对路径 /,而不是 /etc/apache2/mime.types,它可以工作,但 Apple 根本不可能在 Mac App Store 中允许这样做!
发现问题。当 OS X 包含符号 link 时,为 /etc/ 设置权利似乎存在问题!我已将其更改为 /private/etc/,现在可以使用了。
Thanks to this answer for helping me get to the answer.
编辑: Apple 工程师说这是一个合适的异常,并且关闭了我的雷达。如果你有同样的问题,参考雷达:#24011257.
我正在编写一个 Mac 应用程序,它将文件作为输入,让用户进行元数据操作,然后将文件发送到 Python 脚本以处理输出。这在没有沙盒的情况下非常有效。与所有事情一样,沙盒使其变得困难。
我在 NSBundle 中嵌入的 python 库正在调用系统拥有的一些 MimeTypes 库,但这些正在尝试打开 /etc/apache2/mime.types,这我的沙箱中没有,并且失败并出现错误:IOError: [Errno 1] Operation not permitted: '/etc/apache2/mime.types'.
这是我的权利:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
</dict>
</plist>
这里是完整的回溯:
Traceback (most recent call last):
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/EditChaptersScript.py", line 3, in <module>
import eyed3 # ID3 Writer
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/eyed3/__init__.py", line 91, in <module>
from .utils.log import log
File "/Users/thomaspritchard/Library/Developer/Xcode/DerivedData/Chapters-ejrappchxzcmqxdjlzydqffndmtk/Build/Products/Debug/Chapters.app/Contents/Resources/eyed3/utils/__init__.py", line 33, in <module>
_mime_types = mimetypes.MimeTypes()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 66, in __init__
init()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 358, in init
db.read(file)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/mimetypes.py", line 202, in read
with open(filename) as fp:
IOError: [Errno 1] Operation not permitted: '/etc/apache2/mime.types'
预先感谢您的帮助,我真的很想能够在 Mac App Store 中分发此应用程序,但我一直在这个问题上碰壁。
编辑: 我想也许我可以允许访问文件,/etc/apache2/mime.types 到 Temporary Exception Entitlements。使用此更新后的权利 plist,它会以相同的错误退出:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
<array>
<string>/etc/apache2/mime.types</string>
</array>
</dict>
</plist>
有趣的是,如果我使用绝对路径 /,而不是 /etc/apache2/mime.types,它可以工作,但 Apple 根本不可能在 Mac App Store 中允许这样做!
发现问题。当 OS X 包含符号 link 时,为 /etc/ 设置权利似乎存在问题!我已将其更改为 /private/etc/,现在可以使用了。
Thanks to this answer for helping me get to the answer.
编辑: Apple 工程师说这是一个合适的异常,并且关闭了我的雷达。如果你有同样的问题,参考雷达:#24011257.