Macos – What does this sandboxing message “deny mach-lookup” mean

macos, sandbox

My app did not work properly on a customer machine. Here is a line from console messages:

sandboxd: ([14252]) aText(14252) deny mach-lookup

What does this mean ?

Best Solution

It means just what it says: Your app (or some code injected into your app or running in a child process) is trying to do lookup a Mach service named, probably at global scope, and you don't have an entitlement to do so, and therefore it's being denied.

If you need this to work, you need to add a temporary-exception entitlement = []. But you'll have to figure out why you need this exception, and file a bug with Apple asking them to provide a better way to do the same thing.

If you don't need this to work, you need to figure out why your code is trying to look up this service and stop doing whatever is causing it. (If it's not your code, but code injected into your app via SIMBL or something, then it's your user's problem, and he has to not use whatever plugin is at fault.)