MacOS: Use getxattr/setxattr from a Finder Sync Extension

I want to use setxattr/getxattr from a Finder Sync Extension on OSX 10.12.6, but the calls fail with errno==1, which is EPERM. Finder sync extensions run in a sandbox, so I guess I need to request permissions. No amount of googling and documentation browsing uncovered information so far.
The files I want to access are owned by myself, and setting attributes with the xattr command line utility succeeds and produces the expected result.
So the question is: Which permissions/entitlements do I need to give the sandbox, or is this possible at all?
I basically want to store the sync status in the extended attributes (clean, modified, syncing) and select the correct badge for requestBadgeIdentifierForURL based on that. A lower priority non-sandboxed process goes over files and updates the attributes.
The alternative would be to use a separate database to store sync status and I'm going to use that if the xattr doesn't work out.
Edit: Added entitlements file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<true/>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
</dict>
</plist>
The original entitlements file that comes with the sample is just
<key>com.apple.security.files.user-selected.read-only</key>
which didn't work either.
I added a test project to GitHub https://github.com/JensRestemeier/SyncExtensionTest

You are not specifying the path in the entitlement dict.
This is what it should look like:
<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
<array>
<string>/</string>
</array>
This will give you access to all folders on the system.
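The difference between the two entitlement forms above can be checked mechanically. This Python sketch is an added example, not part of the original answer or the asker's project; `lint_entitlements`, `_entitlements` and the `/Users/Shared/SyncRoot/` folder are hypothetical, and the sample plists are constructed from the snippets above.

```python
import plistlib

# Entitlement keys whose value has to be an <array> of <string> paths.
PATH_EXCEPTION_PREFIXES = (
    "com.apple.security.temporary-exception.files.absolute-path.",
    "com.apple.security.temporary-exception.files.home-relative-path.",
)

def lint_entitlements(plist_bytes):
    """Return (key, problem) tuples for file path exception entitlements."""
    findings = []
    for key, value in plistlib.loads(plist_bytes).items():
        if not key.startswith(PATH_EXCEPTION_PREFIXES):
            continue
        if not isinstance(value, list) or not all(isinstance(p, str) for p in value):
            # The form from the question: <true/> names no path at all.
            findings.append((key, "expected an array of path strings, got %r" % (value,)))
            continue
        for path in value:
            if path == "/":
                # The form from the answer: valid, but the broadest possible grant.
                findings.append((key, "'/' grants the whole tree; list only the synced folders"))
    return findings

def _entitlements(body):
    # Hypothetical helper that wraps the constructed samples in a plist dict.
    return b'<plist version="1.0"><dict>' + body + b"</dict></plist>"

ABS_RW = b"<key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>"
HOME_RW = b"<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>"

# Constructed samples: the question's file, the answer's fix, and a narrowed variant.
QUESTION = _entitlements(b"<key>com.apple.security.app-sandbox</key><true/>"
                         + ABS_RW + b"<true/>" + HOME_RW + b"<true/>")
ANSWER = _entitlements(ABS_RW + b"<array><string>/</string></array>")
NARROWED = _entitlements(ABS_RW + b"<array><string>/Users/Shared/SyncRoot/</string></array>")

if __name__ == "__main__":
    for name, sample in (("question", QUESTION), ("answer", ANSWER), ("narrowed", NARROWED)):
        print(name, lint_entitlements(sample))
```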

Related

How do I schedule a launchd task?

I want to run a python script every day at 7pm on a mac-based computer. I put together a script, but I'm not sure where to save it or where I can monitor progress. What can I do to turn this into a task-
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.example.nightlyscript</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/python</string>
<string>/path/to/script.py</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>19</integer>
<key>Minute</key>
<integer>0</integer>
</dict>
</dict>
</plist>
According to this excellent article at townrdsdatascience.com, you need to put your property list in the ~/Library/LaunchAgents directory (which you can create in ~/Library if it doesn't already exist). The launchd man page further explains that you can put it in /Library/LaunchAgents if you want it to run for each user on your machine, or in /Library/LaunchDaemons to make it run across the whole system. Be sure to check your plist against the instructions in either of those sources -- I haven't looked to see if you've included everything that's needed. You'll also want to make your python script executable.

Using launchd to activate daemon on file owner change

I'm trying to get a "daemon" (really just a script, more than a background process) to activate when a file (specifically, /dev/console) changes owner (i.e., when another user takes control of the console) on MacOS Mojave.
I'm trying to do this by running launchd and having it watch that file for changes. I tried doing this with WatchPaths, as in the script below, but apparently that only notices "creating, removing and writing to this file", not chown. Script is below, along with more background story. Any ideas on how to do this?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>LoginScripts.blockyoutube.sh</string>
<key>ProgramArguments</key>
<array>
<string>/Users/Shared/blockyoutube.sh</string>
</array>
<key>WatchPaths</key>
<array>
<string>/dev/console</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardOutPath</key>
<string>/var/log/blockyoutube.log</string>
<key>StandardErrorPath</key>
<string>/var/log/blockyoutube.log</string>
</dict>
</plist>
Backstory
What I'm really trying to do is block my kids' accounts from YouTube ... but not my wife's account on the same computer. In theory System Preferences->Parental Controls should do this fine — which it does ... until someone launches Chrome and it backchannels the DNS lookup to 8.8.8.8.
The only way I've figured out to work around this is to not let the OS DNS query fail, so Chrome doesn't attempt to do that, so I'm updating /etc/hosts to point to localhost and flushing DNS whenever the console owner changes. Other solutions to this backstory are also welcome, but it does seem that there should be a way to make launchd watch for change in owner of a file.

Why won't LaunchAgents run my Automator app?

I'd like to run an app I created via Automator every 5 minutes, so I placed the following com.user.wilson.plist file in this folder:
/Library/LaunchAgents
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.user.wilson</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/open</string>
<string>-a</string>
<string>/Users/paul/Documents/Wilson/Script/mt-wilson-background_app</string>
</array>
<key>StartInterval</key>
<integer>300</integer>
</dict>
</plist>
Then, I loaded it using the following command in the terminal:
launchctl load Library/LaunchAgents/com.user.wilson.plist
but for some reason, the app never runs.
I can, however, successfully run the app using this command:
/usr/bin/open -a /Users/paul/Documents/Wilson/Script/mt-wilson-background_app
Any ideas why the .plist file won't do what I'm expecting it to?
In order to see what's going wrong, you can add a log file in your plist like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.user.wilson</string>
<key>StandardErrorPath</key>
<string>/Users/paul/Documents/Wilson/Script/err.log</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/open</string>
<string>-a</string>
<string>/Users/paul/Documents/Wilson/Script/mt-wilson-background_app</string>
</array>
<key>StartInterval</key>
<integer>300</integer>
</dict>
</plist>
Note: For the modifications to take effect, unload and load again:
launchctl unload Library/LaunchAgents/com.user.wilson.plist
launchctl load Library/LaunchAgents/com.user.wilson.plist
Typically, if the err.log says it can't find your app, it means it's a permission issue.
I would suggest you try to move your app from /Users/paul/Documents/Wilson/Script/mt-wilson-background_app to /Users/paul/Documents/mt-wilson-background_app
Then update your plist accordingly, unload and reload your plist. Is it working better now?
I ran into nearly the exact same problem. I finally (FINALLY!!!) found a cure that worked for me.
Originally, the broken version of the .plist launch agent that wouldn't run no matter what I tried was in /Library/LaunchAgents. Moving the agent to /Users/[me]/LaunchAgents eliminated the "Application Not Running" error.
It seems counterintuitive since the root agent should be able to run everything from any location, but I can only guess that AppleScript's check to see if an app is running or not is user account-dependent somehow. I'm betting there's something you can add to the AppleScript to actually fix this the "right" way, but this works well enough for me, so I'm taking the win.

My mac osx launchd plist won't run

It looks like it loads but has a status of 1 when using launchctl list,
and using launchctl start ... it says No such Process...
I have it saved in /Users/IMG/Library/LaunchAgents.
The sh script runs fine.
The logging doesn't show anything - no file created.
I am very new to plist so please forgive ignorance.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.IMG.shed</string>
<key>ProgramArguments</key>
<array>
<string>/Users/IMG/2012/Dropbox/Dev_2012/Java/sh_IMG.sh</string>
</array>
<key>StandardOutPath</key>
<string>myjob.log</string>
<key>StandardErrorPath</key>
<string>myjob.log</string>
<key>Debug</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>60</integer>
</dict>
</plist>
The first thing I thought was the process does not have permission to create the standard output log file (although I imagine the default value for working directory for a personal agent would be the user's home directory). There is an optional property key for WorkingDirectory - perhaps try setting that to see if anything changes.
Reference: Launchd.plist man page
In Xcode 4.5.2, under the Product menu, you need to pick Edit Scheme. You will see the manage schemes box appear with several schemes. One of these is called Run <ProjectName>. Click the checkbox next to Working Directory Use custom working directory and point that to the path where your plist is at.
This elaborates on the answer given by unhillbilly. So thanks unhillbilly for steering me towards the Working Directory.

Creating a timed launchd plist

I'm trying to create a plist for the LaunchAgents folder that will run perpetually and call a shell script every 30 seconds. It started with a template that I got here and that I tried to tailor to fit my needs, but it's still not working. Any help?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Intel_Watchdog</string>
<key>ProgramArguments</key>
<array>
<string>/Library/A_Intel_WATCHDOG/A_WatchDog.sh</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartInterval</key>
<integer>30</integer>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Thanks so much!
I dropped this in my LaunchDaemons directory, and it worked fine. So, here're some things to check:
Is the .plist getting loaded? Note that the contents of the LaunchAgents folders are loaded at login, so you either need to log out and back in, or manually load it with launchctl load ~/Library/LaunchAgents/com.Intel_Watchdog.plist (or whatever/wherever the file is). You can check its status with launchctl list.
Is /Library/A_Intel_WATCHDOG/A_WatchDog.sh executable? Check the system log (/var/log/system.log) to see if launchd is having trouble launching it.
Is the script running into trouble before it does its job? Try adding date >>/tmp/watchdog.log to it, right after the shebang, and see if anything appears in /tmp/watchdog.log. If it does, try changing the StandardErrorPath and StandardOutPath to an actual file so you can see what's going on as the script runs. Note that you'll have to unload and reload the .plist to get the change to take effect (logging out and back in would do it).
Finally, although it shouldn't cause trouble, your label doesn't follow the standard convention (unless you actually own the domain Intel_Watchdog.com). If this is for local-only use, name it something like local.Intel_Watchdog instead. If you're going to publish this item, you should base the label on a domain you own (in reverse order, with ".Intel_Watchdog" added to the end) -- see Wikipedia's entry on the reverse domain name system.
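The checks from this answer (is the program executable, is output sent to /dev/null) and from the earlier WorkingDirectory answer (a relative log path) can be run against a job plist before loading it. This Python sketch is an added example, not code from any of the posters; `lint_launchd_job` and its helpers are hypothetical names, and the samples are constructed, abridged copies of two plists quoted on this page.

```python
import os
import plistlib

def _is_executable_file(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)

def lint_launchd_job(plist_bytes, is_executable=_is_executable_file):
    """Return a list of problems found in a launchd job plist (bytes)."""
    job = plistlib.loads(plist_bytes)
    problems = []
    args = job.get("ProgramArguments") or []
    if not args:
        problems.append("ProgramArguments is missing or empty")
    elif os.path.isabs(args[0]) and not is_executable(args[0]):
        # Only absolute paths are checked; bare names are left to PATH lookup.
        problems.append("%s is not an executable file" % args[0])
    for key in ("StandardOutPath", "StandardErrorPath"):
        path = job.get(key)
        if path == "/dev/null":
            problems.append("%s is /dev/null, so script output is discarded" % key)
        elif path and not os.path.isabs(path) and "WorkingDirectory" not in job:
            problems.append("%s %r is relative and WorkingDirectory is not set" % (key, path))
    return problems

def _job(body):
    # Hypothetical helper that wraps the constructed samples in a plist dict.
    return b'<plist version="1.0"><dict>' + body + b"</dict></plist>"

# Constructed samples, abridged from the com.IMG.shed and com.Intel_Watchdog plists.
SHED = _job(b"<key>Label</key><string>com.IMG.shed</string>"
            b"<key>ProgramArguments</key><array>"
            b"<string>/Users/IMG/2012/Dropbox/Dev_2012/Java/sh_IMG.sh</string></array>"
            b"<key>StandardOutPath</key><string>myjob.log</string>"
            b"<key>StandardErrorPath</key><string>myjob.log</string>")
WATCHDOG = _job(b"<key>Label</key><string>com.Intel_Watchdog</string>"
                b"<key>ProgramArguments</key><array>"
                b"<string>/Library/A_Intel_WATCHDOG/A_WatchDog.sh</string></array>"
                b"<key>StandardErrorPath</key><string>/dev/null</string>"
                b"<key>StandardOutPath</key><string>/dev/null</string>"
                b"<key>StartInterval</key><integer>30</integer>")

if __name__ == "__main__":
    for name, sample in (("com.IMG.shed", SHED), ("com.Intel_Watchdog", WATCHDOG)):
        print(name, lint_launchd_job(sample))
```

The `is_executable` parameter exists so the file check can be replaced when the plist is inspected on a machine other than the one that will run the job.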
