[Fed-Talk] sandboxd question
[Fed-Talk] sandboxd question
- Subject: [Fed-Talk] sandboxd question
- From: Carib Mendez <email@hidden>
- Date: Fri, 24 Oct 2014 16:05:24 -0400
Hopefully someone more versed in the sandbox mechanism may be able to help. BLUF : Who can one modify sandbox settings for a single executable?
I've been testing 10.10 and have run into a snag with the EFI Unidriver. The driver is needed to print to specialised RIP software that then outputs wide format prints to a pair of Epson 9900 printers. I've added the drivers and configured everything correctly, however when I print I get errors in the console about sandboxd blocking udspooler (thats the executable) from writing to /tmp (allow file* (subpath /private/tmp)). After much googling I found that by adding an entry to the system.sb file to allow writing to /tmp then that error went away. The next problem was then that sandboxd was blocking udspooler from connecting to local ip ports (I assume for bi-directional communication). I added another entry to the system.sb file (allow inbound-connection (local ip)) to allow executables to talk to local ip and now the printer prints.
Since these are global changes to all executables I'm leery of leaving them in there. Ideally I want to allow those exemptions only for the udspooler executable. Does anyone out there know how to do this?
BTW Waiting for EFI to update drivers is not really an option seeing how the last release of the drivers was for 10.7.
Sent from my iPhone
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden