https://bugs.openldap.org/show_bug.cgi?id=10043
Issue ID: 10043 Summary: LMDB Wont Run in MacOS Sandbox Product: LMDB Version: 0.9.30 Hardware: All OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs@openldap.org Reporter: t@tannersilva.com Target Milestone: ---
Howdy from Texas.
I am the developer of QuickLMDB, the high performance wrapper for Swift.
I have been building an lmdb-based nostr client for the CakeWallet team using my wrapper. I initially began writing this app with a wide deployment target (iOS and MacOS with Sandboxing enabled). To my surprise, I was unable to get QuickLMDB running on MacOS with its sandboxing mode enabled. It simply wouldn't run.
I didn't allow myself to get too caught up in that particular issue on my project (we have dropped MacOS from our initial targets for other reasons anyways), however, I've since had a user raise an issue on my GitHub describing the exact issue I dealt with in breaking ground on the nostr client with its "new project defaults" build settings in Xcode.
https://github.com/tannerdsilva/QuickLMDB/issues/1
https://github.com/agisboye/SwiftLMDB/issues/23
Admittedly, I haven't been able to thoroughly investigate this issue beyond my own brief experiences with it in my mostly blank project.
Between the two links above, the users of the Swift wrappers seem to have tested this issue in a more diverse way than I would do initially anyways.
In search of duplicate issues, I was unable to find anything that clearly draws a line around sandboxing on MacOS, which is the primary concern here.
Confirmed by my own experiences: the issue here is simply that LMDB seems to be impossible to run in a MacOS sandbox. When sandboxing is disabled, LMDB behaves exactly as I would expect.
Apple Silicon - macOS 13.1
https://bugs.openldap.org/show_bug.cgi?id=10043
--- Comment #1 from Howard Chu hyc@openldap.org --- Please provide a simple test case to reproduce this problem. Note that I don't usually spend any time with MacOS dev tools, so you will need to be explicit in every step otherwise I won't be able to investigate.
Also please provide up to date links to relevant Apple docs, thanks.
https://bugs.openldap.org/show_bug.cgi?id=10043
--- Comment #2 from Howard Chu hyc@openldap.org --- Given the way MacOS sandboxes appear to work, this is likely going to be a WONTFIX. There doesn't seem to be anything you can usefully do, interprocess-wise, with a sandboxed app.
https://github.com/agisboye/SwiftLMDB/issues/23#issuecomment-1518677356
https://bugs.openldap.org/show_bug.cgi?id=10043
--- Comment #3 from Howard Chu hyc@openldap.org --- In particular, you wouldn't be able to safely use the LMDB command line tools like mdb_stat or mdb_copy on a database being used by a sandboxed app, unless you also build them with the app's application group name. You can do that in your own custom builds but I see no reason to support this ourselves.
https://bugs.openldap.org/show_bug.cgi?id=10043
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Keywords|needs_review | Status|UNCONFIRMED |RESOLVED
https://bugs.openldap.org/show_bug.cgi?id=10043
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org