[Interest] OS X Sandboxing and IPC (my experience so far)

Till Oliver Knoll till.oliver.knoll at gmail.com
Sat May 19 16:59:09 CEST 2012 

Am 14.05.12 10:13, schrieb Thiago Macieira:
> On segunda-feira, 14 de maio de 2012 10.03.47, Till Oliver Knoll wrote:
>> However I noticed a warning message in the console output which
>> appears just after the listen() call above:
>>
>>    QSocketNotifier: Can only be used with threads started with QThread
>
> Run the sub-process with QT_FATAL_WARNINGS=1 and give us the backtrace of that
> warning.

Okay, I found the issue: it was indeed a wrong QtNetwork framework being 
pulled in, because I forgot to add the proper "install_name_tool" steps 
to one of my libraries, which was then linking with the QtNetwork 
framework from the SDK installation, which on its turn linked in a 
(duplicate) QtCore framework from the SDK as well etc.

So something along the line of

distribution.commands += install_name_tool -change 
$$QT_LIB_DIR/QtNetwork.framework/Versions/4/QtNetwork \
 
@executable_path/../Frameworks/QtNetwork.framework/Versions/4/QtNetwork \
 
$$FRAMEWORKS_DIR/libKernel.$${VERSION}.dylib;

was missing.

And apparently classes which rely on QThread being properly initialised 
don't like that ;)

So that's why it worked with the macdeployqt, and not with my own 
"installation script".

I prefer to install just what I need with my own *.pro/qmake script - it 
turns out that macdeployqt installs every possible framework, even the 
SQL ones, even though I don't need them (contrary to what the Qt docs 
states that only the necessary frameworks would be deployed according to 
the QT/CONFIG values being set). Let alone all possible plugins that I 
have no use of).



So putting it all together it seems to be possible to use 
"QLocalServer-based IPC" (which indeed works without having a "network" 
entitlement) in a Mac sandbox, as to have separate processes with 
different entitlements.

This also means that the use of Apple's XPC services can be avoided:

 
https://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1

They are only available since OS X 10.7, and would make the application 
more platform-dependent.


Cheers, Oliver

More information about the Interest mailing list