| Subject | embedded firebird in sandboxed app on MacOS |
|---|---|
| Author | |
| Post date | 2013-12-05T12:32:33Z |
Hi,
We use Firebird embedded in our application on MacOS. Now we're trying to run our application sandboxed and running into some trouble, with locking mostly. Does anyone have this working and could offer some suggestions?
We're using the classic server 2.5, extracted from the released 2.5.2 framework and embedded in our application using a process pretty similar to what's described at http://paulbeachsblog.blogspot.fr/2012/09/firebird-embedded-on-macosx.html . This works for our non-sandboxed app deployments.
When we run sandboxed, connecting to the database fails with an error -902 and the text "lock manager error". FIREBIRD_TMP and FIREBIRD_LOCK environment variables are pointed to our sandboxed temporary location in /var/folders and I do see fb_init, fb_lock_* and fb_sem files created in there, as well as the log.
The log shows:
plmac-lion Thu Dec 5 17:11:53 2013
ib_util init failed, UDFs can't be used - looks like firebird misconfigured
ib_util_init not found in /Library/Frameworks/Firebird.framework/Versions/A/Libraries/libib_util.dylib
/var/folders/km/q0hkq8z53wg9jj529c2wf93c0000gt/T/com.risingsoftware.auralia4.appstore/lib/libib_util.dylib library has not been found
/var/folders/km/q0hkq8z53wg9jj529c2wf93c0000gt/T/com.risingsoftware.auralia4.appstore/lib/libib_util.dylib library has not been found
libib_util.dylib library has not been found
plmac-lion Thu Dec 5 17:11:54 2013
event_init()
operating system directive semctl failed
Operation not permitted
plmac-lion Thu Dec 5 17:11:54 2013
Database: /Users/hamish/Library/Containers/com.risingsoftware.auralia4.appstore/Data/Library/Application Support/Rising Software/data4/rising4.fdb
lock manager error
(I can fix the libib_util.dylib error but it doesn't affect the locking.)
I presume it's the semctl failure that's the root problem here. I tried to trace this with the Apple Instruments tool but couldn't see semctl calls in that tool.
The Apple sandboxing guidelines say that System V semaphores are specifically disallowed. Is this the type that Firebird uses?
https://developer.apple.com/library/mac/documentation/security/conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW24
POSIX semaphores and other IPC are allowed if you have an application group directory, which I listed in my sandbox entitlements file, created and tried to use as FIREBIRD_TMP/FIREBIRD_LOCK, and even as the location for the db, but none of that changed the behaviour for me.
thanks,
Hamish
We use Firebird embedded in our application on MacOS. Now we're trying to run our application sandboxed and running into some trouble, with locking mostly. Does anyone have this working and could offer some suggestions?
We're using the classic server 2.5, extracted from the released 2.5.2 framework and embedded in our application using a process pretty similar to what's described at http://paulbeachsblog.blogspot.fr/2012/09/firebird-embedded-on-macosx.html . This works for our non-sandboxed app deployments.
When we run sandboxed, connecting to the database fails with an error -902 and the text "lock manager error". FIREBIRD_TMP and FIREBIRD_LOCK environment variables are pointed to our sandboxed temporary location in /var/folders and I do see fb_init, fb_lock_* and fb_sem files created in there, as well as the log.
The log shows:
plmac-lion Thu Dec 5 17:11:53 2013
ib_util init failed, UDFs can't be used - looks like firebird misconfigured
ib_util_init not found in /Library/Frameworks/Firebird.framework/Versions/A/Libraries/libib_util.dylib
/var/folders/km/q0hkq8z53wg9jj529c2wf93c0000gt/T/com.risingsoftware.auralia4.appstore/lib/libib_util.dylib library has not been found
/var/folders/km/q0hkq8z53wg9jj529c2wf93c0000gt/T/com.risingsoftware.auralia4.appstore/lib/libib_util.dylib library has not been found
libib_util.dylib library has not been found
plmac-lion Thu Dec 5 17:11:54 2013
event_init()
operating system directive semctl failed
Operation not permitted
plmac-lion Thu Dec 5 17:11:54 2013
Database: /Users/hamish/Library/Containers/com.risingsoftware.auralia4.appstore/Data/Library/Application Support/Rising Software/data4/rising4.fdb
lock manager error
(I can fix the libib_util.dylib error but it doesn't affect the locking.)
I presume it's the semctl failure that's the root problem here. I tried to trace this with the Apple Instruments tool but couldn't see semctl calls in that tool.
The Apple sandboxing guidelines say that System V semaphores are specifically disallowed. Is this the type that Firebird uses?
https://developer.apple.com/library/mac/documentation/security/conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW24
POSIX semaphores and other IPC are allowed if you have an application group directory, which I listed in my sandbox entitlements file, created and tried to use as FIREBIRD_TMP/FIREBIRD_LOCK, and even as the location for the db, but none of that changed the behaviour for me.
thanks,
Hamish