On 2013-11-18 20:56, Erinn Clark wrote:
- Andreas Jonsson andreas@romab.com [2013:11:18 20:33 +0100]:
Very hard to troubleshoot why it isnt working properly unless it is in debug mode :) (log file is /var/log/system.log), should anyone be curious. If this is problematic/show stopper/undesirable, i will create a new release with no debug.
Feature request: make the debug output write to its own log that is not a system.log. Something like writing to the top level directory of TBB as tbb-sandbox-debug.log would be better.
I can file it as a github issue if you like.
Hi, Would comply if it was possible. It is not under my control however. If it makes people easier of mind, this is what log file looks like:
Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/org.mozilla.torbrowser.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/ByHost/.GlobalPreferences.B101F099-F648-519F-AB1B-DC931056B734.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/.GlobalPreferences.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Library/Preferences/.GlobalPreferences.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/com.apple.LaunchServices.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/com.apple.ATS.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /private/var/folders/f7/27l6xbks2yx_qml_r37vqzbr0000gn Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/com.apple.HIToolbox.plist Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny mach-lookup com.apple.ls.boxd Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Users/andreas/Library/Internet Plug-Ins/WebEx64.plugin Nov 18 20:58:24 --- last message repeated 4 times --- Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Library/Internet Plug-Ins/Default Browser.plugin Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Library/Internet Plug-Ins/flashplayer.xpt Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Library/Internet Plug-Ins/JavaAppletPlugin.pluginNov 18 20:59:55 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /.vol Nov 18 20:59:55 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Users/andreas/Documents Nov 18 20:59:55 --- last message repeated 3 times --- Nov 18 20:59:55 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Users/andreas/Desktop/untitled folder/slask
This log files more or less explodes when opening files etc.
Perhaps the log file should be default to off, and enabled for those willing to help debugging. It will not completely remove info from this log however, should the sandbox trigger exceptions in underlying libraries.
Example:
Nov 18 20:58:20 stiletto.u88.romab.com appleeventsd[76]: rdar://problem/11489077 A sandboxed application with pid 12880, "TorBrowser" checked in with appleeventsd, but its code signature could not be validated ( either because it was corrupt, or could not be read by appleeventsd ) and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Error=ERROR: #100013 { "NSDescription"="SecCodeCopyGuestWithAttributes() returned 100013, -." } (handleMessage()/appleEventsD.cp #2072) client-reqs-q
/andreas