I've a simple unix tool made by me that launches the main cocoa app from a shell.
I need to sandbox it but when I run it, it crashes with error "Illegal instruction: 4", on console.app I can see the following error message
Sandbox creation failed: Container object initialization failed: NIL container info object with no error description for visdiff
The file is correctly signed with codesign.
I've read the post Mac OS app, sandbox with command line tool? but it doesn't help
I was having this exact problem, and it went away when I added an embedded Info.plist.
Try these clang flags (assuming you have info.plist in the build directory):
-Xlinker -sectcreate -Xlinker __TEXT -Xlinker __info_plist -Xlinker info.plist
Is the console application launched directly from console or is it called from a main sandboxed application? I received a similar error when trying to sandbox some binaries and I was just able to make it work by using only the below entitlements:
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
Of course, after that you can only call the binary from a parent process that is already sandboxed (that is why I asked how your binary was called :)).
While @Nick Moore's answer is perfectly fine, there's an option for this in today's Xcode under Packaging - Create Info.plist Section in Binary (CREATE_INFOPLIST_SECTION_IN_BINARY). All that's needed is setting thue to Yes.
It seems if you sign an executable with com.apple.security.inherit it can only be called by another application that is already sandboxed. So you can't call it from cmdline anymore after you ran codesign.
来源:https://stackoverflow.com/questions/12959958/how-to-sandbox-a-command-line-tool