Friday, March 13, 2020

Eight Major Releases Later, Sandbox File Limit Bug Remains

Gus Mueller:

The other question I always ask [at WWDC labs]: Is the kernel resource leak for bookmarks in sandboxed applications finally fixed? I’d sure like to put Retrobatch in the app store this year, but this bug means it can only process so many images before it fails and requires a reboot…

Erik Schwiebert:

I was talking to an Apple engineer recently about this problem as it affects Office, Gus. He mentioned you and Retrobatch specifically as a known case that they have yet to address. He said he would prod engineering to look at it.

Daniel Jalkut:

This is a vexing bug that has affected MarsEdit for years, as well.

Gus Mueller:

It’s also a different limit for every Mac configuration, as explained to me by Apple engineers.


Update (2020-03-27): Michael Buckley:

The App Store version of Transmit works around this by prompting users to grant access to their entire home folder. Users have to tap a button, then we open an NSOpenPanel with setCanChooseDirectories. Users then have to correctly open their home folders.

The kernel seems smart enough to track file permissions at the highest possible level. Try to open 1000 files in a folder, you get 1000 entries in kernel memory. Open the folder first, and you only get 1 entry.

