search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.41k stars 13.63k forks source link

Issues with sandboxing on macOS & Emacs #47413

Open matthewbauer opened 5 years ago

matthewbauer commented 5 years ago

Issue description

I have been looking at sandboxing & using it daily, but hit this issue. When running Emacs within a sandbox, I get:

dyld: Library not loaded: /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
  Referenced from: /nix/store/6ij4vgw7macqcbjss1py68xwmyghawh2-emacs-26.1/bin/emacs
  Reason: no suitable image found.  Did find:
        /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit: file system sandbox blocked stat()
        /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit: file system sandbox blocked stat()

Somehow the __impureHostDeps are not coming in for the frameworks to be usable. I am not familiar with how this is calculated but I think this is an issue that would effect anything using a framework.

cresh commented 4 years ago

I am not able to launch Emacs.app on macOS Catalina 10.15 due to a sandboxing issue. I'm on macOS Catalina Version 10.15 Beta (19A573a) and followed https://github.com/NixOS/nix/issues/2925#issuecomment-522957892 to mount a APFS volume under /nix and rebuild all my derivations using nix-env (Nix) 2.3 and the default channel.

> open ~/.nix-profile/Applications/Emacs.app
LSOpenURLsWithRole() failed with error -10810 for the file /nix/store/ymy7w1197ifjn52avnm00sds26qi7ndb-emacs-26.3/Applications/Emacs.app.

system.log shows:

Sep 26 09:13:30 calculon com.apple.xpc.launchd[1] (org.gnu.Emacs.3480[47013]): Service exited with abnormal code: 134

There is also an Crash Report for the process:

Process:               Emacs [47055]
Path:                  /Volumes/VOLUME/*/Emacs.app/Contents/MacOS/Emacs-
Identifier:            Emacs-
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        ??? [47013]
User ID:               501

Date/Time:             2019-09-26 09:13:30.143 +0200
OS Version:            Mac OS X 10.15 (19A573a)
Report Version:        12
Bridge OS Version:     4.0 (17P50566a)
Anonymous UUID:        0C3C5FB4-E2F0-748B-53CD-99619D46A967

Sleep/Wake UUID:       DABE17AF-2DFB-4B8C-8B46-7AB04FD16BCC

Time Awake Since Boot: 20000 seconds
Time Since Wake:       2800 seconds

System Integrity Protection: enabled

Crashed Thread:        Unknown

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    DYLD, [0x6] Filesystem Sandbox

Dyld Error Message:
  Library not loaded: /Volumes/VOLUME/*/libncursesw.6.dylib
  Referenced from: /Volumes/VOLUME/*/Emacs.app/Contents/MacOS/Emacs-
  Reason: no suitable image found.  Did find:
        file system sandbox blocked open() of '/Volumes/VOLUME/*/libncursesw.6.dylib'
        file system sandbox blocked open() of '/Volumes/VOLUME/*/libncursesw.6.dylib'

Binary images description not available

Any advice on how to possibly fix this for Catalina?

matthewbauer commented 4 years ago

@cresh This looks like a different issue. I haven't seen this issue in Catalina, although I have been using emacsMacport and not vanilla emacs.

Have you manually enabled some sandboxing features? I hope Apple isn't forcing sandboxing on normal apps now...

cresh commented 4 years ago

Not that I know of... I've just upgraded my Mojave install to Catalina Beta without changing any settings. How could I check which sandboxing features are enabled?

cresh commented 4 years ago

I've tried emacsMacport on Catalina. Launching it shows

Screenshot 2019-09-27 at 09 02 16

every time, but Emacs launches anyway and stays open and is usable.

SuperSandro2000 commented 3 years ago

Did anyone find a solution to this problem? I have a similar issue when starting the nix-daemon.

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info