Bug 37605 - Sand box error when using Mono in OSX app store application.
Summary: Sand box error when using Mono in OSX app store application.
Status: RESOLVED ANSWERED
Alias: None
Product: MonoMac
Classification: Desktop
Component: Bindings ()
Version: GIT
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: ---
Assignee: Chris Hamons
URL:
Depends on:
Blocks:
 
Reported: 2016-01-12 10:56 UTC by Sanketh Bhat
Modified: 2016-01-15 21:51 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED ANSWERED

Description Sanketh Bhat 2016-01-12 10:56:50 UTC
Hi Team,

I am using mono version 2.10.9 to call C# DLL's in my OSX objective-c desktop application.

Please note C# DLL's has logic to generate PDF which makes C# File IO calls.

When i wanted to push this OSX to app store, observed below sand boxing errors.

Sandbox errors:
12/16/15 2:03:48.204 PM sandboxd[172]: ([73225]) ABC(73225) deny ipc-posix-shm-read-data /mono.55941
12/16/15 2:03:48.289 PM sandboxd[172]: ([73225]) ABC(73225) deny ipc-posix-shm-write-create /mono.73225
12/16/15 2:03:48.339 PM sandboxd[172]: ([73225]) ABC(73225) deny file-read-data /
12/16/15 2:03:48.348 PM sandboxd[172]: ([73225]) ABC(73225) deny file-read-data /Users
12/16/15 2:03:48.355 PM sandboxd[172]: ([73225]) ABC(73225) deny file-read-data /Users/sbhat2
12/16/15 2:03:48.395 PM sandboxd[172]: ([73225]) ABC(73225) deny file-read-data /Users/sbhat2/Library
12/16/15 2:03:48.405 PM sandboxd[172]: ([73225]) ABC(73225) deny file-read-data /Users/sbhat2/Library/Containers



Log file: http://mono.1490590.n4.nabble.com/file/n4667171/SandboxBuildError.SandboxBuildError.

Please note i am new to Mono framework, can you please share your inputs if somebody has faced similar issue earlier or any inputs around how can i fix this issue.

Thanks, 
Sanketh Bhat
Comment 1 Chris Hamons 2016-01-12 17:34:57 UTC
Are you sure you are on mono 2.10? I'm personally using 4.2, and 4.0+ has been standard for awhile.

bash-3.2$ mono --version
Mono JIT compiler version 4.2.1 (explicit/6dd2d0d Fri Nov  6 12:25:19 EST 2015)

How are you invoking mono? We need a lot more information to consider this a bug report.
Comment 2 Sanketh Bhat 2016-01-13 16:55:25 UTC
Thanks a lot Chris for started looking into this.

We are using Mono.framework being embedded in the app store application i.e Mono.framework file exists in the app bundle.

I am thinking that updating Mono to 4.2 will not fix this issue because its the way mono initialization happens which is leading us to sandbox errors.

End Goal:
a. We have C#.Net DLL's which has all the print logic of generating PDF.
b. We want to use this same DLL to generate the print.
c. The original source code of print is in java, hence IKVM.Net has been used to wrap around the java code.

Below are the technical details.
a. We first initialize the mono environment i.e configure mono by setting the library and cache folder.

- (id) init
{
	self = [super init];
  
	if (self)
	{
		NSBundle* mainBundle = [NSBundle mainBundle];

		NSString *monoFrameworkPath = [[mainBundle privateFrameworksPath] stringByAppendingPathComponent:@"Mono.framework"];
		NSString* monoLib = [monoFrameworkPath stringByAppendingPathComponent:@"Libraries"];
		NSString* monoEtc = [monoFrameworkPath stringByAppendingPathComponent:@"Home/etc"];
		
		NSFileManager* fileManager = [NSFileManager defaultManager];
		NSString* monoCacheEtc = [[fileManager findCacheDirectoryPathWithCreate:YES] stringByAppendingPathComponent:@"Mono"];
    NSURL *monoCacheEtcURL = [NSURL fileURLWithPath:monoCacheEtc];
        
    [fileManager removeItemAtURL: monoCacheEtcURL error:nil];
    [fileManager copyItemAtURL:[NSURL fileURLWithPath:monoEtc] toURL:monoCacheEtcURL error:nil];
        
		mono_set_dirs([monoLib UTF8String], [monoCacheEtc UTF8String]);
		
		NSString* configPath = [monoCacheEtc stringByAppendingPathComponent:@"config"];
		NSString* configContent = @"<configuration>";
		configContent = [configContent stringByAppendingString:@"<dllmap dll=\"MonoPosixHelper\" target=\""];
		configContent = [configContent stringByAppendingString:[monoLib stringByAppendingPathComponent:@"libMonoPosixHelper.dylib"]];
		configContent = [configContent stringByAppendingString:@"\" />"];
		configContent = [configContent stringByAppendingString:@"<dllmap dll=\"ikvm-native\" target=\""];
		configContent = [configContent stringByAppendingString:[monoLib stringByAppendingPathComponent:@"libikvm-native.dylib"]];
		configContent = [configContent stringByAppendingString:@"\" />"];
		configContent = [configContent stringByAppendingString:@"<dllmap dll=\"i:msvcrt.dll\" target=\"libc.dylib\" os=\"!windows\"/>"];
		configContent = [configContent stringByAppendingString:@"<dllmap dll=\"i:msvcrt\" target=\"libc.dylib\" os=\"!windows\"/>"];
		configContent = [configContent stringByAppendingString:@"</configuration>"];
		[configContent writeToFile:configPath atomically:YES encoding:NSASCIIStringEncoding error:NULL];
		mono_config_parse ([configPath UTF8String]);
		
		
		NSString* dll = [mainBundle pathForResource:@"print-engine" ofType:@"dll" inDirectory:@"PrintLibs"];
		domain = mono_jit_init_version("com.printpdf","v2.0.50727");
		assembly = mono_domain_assembly_open(domain, [dll UTF8String]);
		image = mono_assembly_get_image(assembly);
		
		NSString* jdkDll = [mainBundle pathForResource:@"IKVM.OpenJDK.Core" ofType:@"dll" inDirectory:@"PrintLibs"];
		javaCoreAssembly = mono_domain_assembly_open(domain, [jdkDll UTF8String]);
		javaImage = mono_assembly_get_image(javaCoreAssembly);
		
		NSString* jdkXMLParseDll = [mainBundle pathForResource:@"IKVM.OpenJDK.XML.Parse" ofType:@"dll" inDirectory:@"PrintLibs"];
		javaXMLParseAssembly = mono_domain_assembly_open(domain, [jdkXMLParseDll UTF8String]);

	}
	return self;
}

b. Once this initialization completes, we starts calling the classes in the DLL's using the image variable which was initialized using the assembly.
c. The above code works fine in normal MAC desktop app, but in MAC app store we are facing the sandboxing errors has explained in the issue.

Please let me know if you need more information.

We are ready to even purchase premium support from Xamarin to help us fix this issue, also let me know if i can setup an WebEx and walk you over the running code.

I am located in India and look forward for the response or i can setup an audio call.

Thanks again for the help.

Thanks,
Sanketh Bhat
Bangalore
India
Comment 3 Chris Hamons 2016-01-13 17:36:50 UTC
So, just FYI, this is not considered a normal use case and is not a supported use case.

I did do some digging however, and I think setting this might convince mono to stop trying to access shared memory.

	setenv ("MONO_DISABLE_SHARED_AREA", "", 1);

If you are interested in moving to Xamarin.Mac (the paid supported product), we have a, still unsupported, but documented/working example to do what you are trying to accomplish.

https://github.com/abock/EmbeddedXamarinMac

Let me know if that solves it for you.
Comment 4 Sanketh Bhat 2016-01-13 17:52:34 UTC
Hi Chris, thanks a lot for the reply.

I thought Mono is designed to call .Net code in Objective-C which is what i am trying to do in my App. Just wanted to confirm is Mono framework designed primarily to run within Xamarin context or independently as well.

Yes i will be interested to purchase paid support if Xamarin can help me solve the above use case.

Please let me know how can we take this issue from here to get paid support.
Comment 5 Chris Hamons 2016-01-13 18:06:14 UTC
Mono certainly has support for doing what you want to do, if you are willing to get your hands dirty (as you have so far). :)

In general, however, we don't consider it a "supported" configuration, since it doesn't have the polish and may break when you upgrade (as the underlying mono changes). We recommend (and require on iOS) letting us handle "main" (handling the launcher, setting up mono, etc such) and then calling into objective-c code instead of the other way around.

Mono is a community project, and people use it to do a number of awesome things. We just don't consider all of them stable/polished/awesome enough to promise support when they break.

Did you try the setenv line that I posted? I think it has promise to fix at least some of the issues you are running into.

If you want to head down the route of moving to Xamarin.Mac, this will be equally as "unsupported" technically. Though, the example I linked was written by the former Xamarin.Mac lead and updated by me (the current lead), and has been used by others successfully.
Comment 6 Sanketh Bhat 2016-01-13 18:07:54 UTC
Thanks will surely try.

How can i get paid support from Xamarin to fix my issue.
Comment 7 Sanketh Bhat 2016-01-13 18:21:17 UTC
Thanks will surely try. Can you let me know how i can set environment variables in MAC OSX. I am coding the above requirements in Objective C.

How can i get paid support from Xamarin to fix my issue.
Comment 8 Chris Hamons 2016-01-14 15:06:39 UTC
setenv is a standard C function - https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/setenv.3.html
Comment 9 Chris Hamons 2016-01-14 15:07:34 UTC
I am unsure what policy if any we have in terms of paid support for "unsupported" scenarios, but I've spoke to a member of our sales team who will get in touch in the next few days to chat.
Comment 10 Tuncer Deniz 2016-01-15 21:12:32 UTC
Chris,

We're in the same boat as Sanketh as we can't get it to work either. We're having sandbox issues as well. I think we may need paid support as well.

Tuncer
Comment 11 Tuncer Deniz 2016-01-15 21:33:43 UTC
Oh, here's the errors we are getting:

1/15/16 3:31:41.689 PM secinitd[454]: MacLox[41244]: unable to get root path for bundle of main executable: /Volumes/Dev2/MacPlay Archives/Lord of Xulima/Wrapped Application/Lords of Xulima.app/Contents/Resources/MacLox
1/15/16 3:31:41.000 PM kernel[0]: Sandbox: MacLox(41244) deny(1) ipc-posix-shm-write-create /mono.41244
1/15/16 3:31:42.000 PM kernel[0]: Sandbox: MacLox(41244) deny(1) file-read-data /Users/tuncer2/Library/Application Support/LordsofXulima/Configuration.txt
1/15/16 3:31:42.000 PM kernel[0]: Sandbox: MacLox(41244) deny(1) file-read-data /Users/tuncer2/Library/Application Support/LordsofXulima/Configuration.txt
1/15/16 3:31:42.000 PM kernel[0]: Sandbox: MacLox(41244) deny(1) file-write-create /Users/tuncer2/Library/Application Support/LordsofXulima/Temp_Configuration.txt
Comment 12 Chris Hamons 2016-01-15 21:51:16 UTC
Since this bug is getting additional attention, let me clarify Xamarin's position on supporting embedding mono:

While the functionality you're requesting should work, this isn't a scenario Xamarin can provide support (paid or otherwise).

Xamarin provides tools for building Mac apps in C#, which leverage mono, but we _do not provide commercial support for Mono_.

As I linked before, setting this variable might help solve some of your issues

	setenv ("MONO_DISABLE_SHARED_AREA", "", 1);

and you can take a look at this example

	https://github.com/abock/EmbeddedXamarinMac

to see how it solves this problem (using Xamarin.Mac. Feel free to reach out to hello@xamarin.com for questions on licensing Xamarin.Mac).

But in this end, this is unsupported territory, even with a Xamarin.Mac license. You are welcome to try to make it work on your own.

You could also take a look at the community mailing list (http://lists.ximian.com/mailman/listinfo/mono-list), as they may possibly be of assistance