Running a script from within swift app (QLExtension)

I am trying to run a simple bash script from within swift. Eventually it should call a python script, but for now, I am just trying to get it to echo hello.

The script is included in the bundle and also included in the targets. The script is called from the QLExtension. The script is correctly found, but I get an error:
Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"

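    // Locate the bundled script; bail out if it is missing from the bundle.
    guard let scriptPath = Bundle.main.path(forResource: "run_local", ofType: "sh") else {
        print("script not found or other error")
        return nil
    }

    // Launch bash with the script as its only argument.
    let process = Process()
    process.executableURL = URL(fileURLWithPath: "/bin/bash")
    process.arguments = [scriptPath]

    do {
        try process.run()
        process.waitUntilExit()
    } catch {
        // In the Quick Look extension this prints the EPERM error quoted above.
        print("Failed to run the script: \(error)")
    }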

The script, run_local.sh, is included in the bundle and is just

    #!/bin/bash
    echo "hi" > /dev/null

Is this possible? Are there other particular entitlements that I need in order for this to work? Everything else works with this app; this is the only error.

Try without sandbox? I remember having a similar issue recently.

If I just change the setting on "App Sandbox" to NO (and leave everything else in the QLExtension entitlements file unchanged), the QLExtension no longer works at all (and also outputs no logs, because it seems never to activate). I also modified the actual all entitlements to "App Sandbox" NO, too.

FWIW, the sandbox does have an effect on the main app - when it builds and runs, I no longer get asked to confirm that I want to run an unknown app.

But the QLExtension never triggers (nor does it prompt the "do you want to run this ..." message)

Adding com.apple.security.scripting-targets also does not work.

This suggests that one cannot unsandbox an app extension.

And this gives a potential workaround that I was trying, but allowing Xcode to automatically manage build targets broke my build process


This is very Apple specific, which makes it kinda off-topic for Swift Forums, where the focus is on the Swift language and related open source technologies. Please start a new thread over on Apple Developer Forums. Tag it with (at least) App Sandbox so that I see it.

However, just to set expectations: I don’t think you’ll be able to make this work. Quick Look extensions, in common with all app extensions, must be sandboxed. And that EPERM is a strong indication that the Quick Look extension’s sandbox is preventing you from starting a child process.

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple

Some new "canLaunchApps" temporary entitlement could be of help here.

Am I right assuming that the recently discussed pitch-swift-subprocess feature is also unavailable in sandboxed apps?

@jsrozner if you post on Apple DevForums please post the discussion link here.

> Am I right assuming that the recently discussed [pitch-swift-subprocess](https://forums.swift.org/t/pitch-swift-subprocess) feature is also unavailable in sandboxed apps?

Correct. On Apple platforms both Process and Subprocess use posix_spawn, and that’s where this sandbox restriction is enforced.

> if you post on Apple DevForums please post the discussion link here.

+1

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple
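
Added example, not part of the thread or any poster's code: Swift that runs the script the way the question does and classifies the failure, treating `NSPOSIXErrorDomain` code `EPERM` as a sandbox denial only when the calling process itself carries the `com.apple.security.app-sandbox` entitlement. The names `LaunchResult`, `isSandboxed` and `runScript` are hypothetical, and reading EPERM as "blocked by the sandbox" is the assumption taken from the replies above.

```swift
import Foundation
import Security

/// Outcome of trying to start a child process (hypothetical type for this example).
enum LaunchResult {
    case exited(status: Int32)
    case deniedBySandbox   // EPERM while the caller is sandboxed
    case failed(Error)     // any other launch failure
}

/// True when the running process carries the App Sandbox entitlement.
func isSandboxed() -> Bool {
    guard let task = SecTaskCreateFromSelf(nil) else { return false }
    let value = SecTaskCopyValueForEntitlement(
        task, "com.apple.security.app-sandbox" as CFString, nil)
    return (value as? Bool) ?? false
}

/// Runs `script` with /bin/bash, as in the question, and classifies the result.
func runScript(at script: URL) -> LaunchResult {
    let process = Process()
    process.executableURL = URL(fileURLWithPath: "/bin/bash")
    process.arguments = [script.path]
    do {
        try process.run()   // spawning the child is where the sandbox check applies
        process.waitUntilExit()
        return .exited(status: process.terminationStatus)
    } catch let error as NSError
        where error.domain == NSPOSIXErrorDomain && error.code == Int(EPERM) {
        // Assumption: EPERM in a sandboxed caller means the sandbox refused the spawn.
        return isSandboxed() ? .deniedBySandbox : .failed(error)
    } catch {
        return .failed(error)
    }
}

// Constructed usage: "run_local.sh" is the script name from the question.
if let url = Bundle.main.url(forResource: "run_local", withExtension: "sh") {
    switch runScript(at: url) {
    case .exited(let status):
        print("script exited with status \(status)")
    case .deniedBySandbox:
        print("child process blocked: this process is sandboxed (EPERM)")
    case .failed(let error):
        print("launch failed for another reason: \(error)")
    }
}
```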

Alright, I have posted to apple dev forum, though the post is currently in review: thread link
