Sandboxing and Apple System Log (asl) searches

  • Hi,

    In my application, I want to be able to collect Apple system log information about my application, and have been using asl_new(ASL_TYPE_QUERY); to do so.

    Unfortunately this needs to access any files in /private/var/log/asl/*

    I understand that there is no way to add an entitlement that will allow access to all the files in a folder. Is there any way of either setting up an entitlement to allow access to all the files in that folder, or another way to read the system logs in a way that is sandbox friendly?

    TIA

    Gideon
  • On May 20, 2013, at 5:53 AM, Gideon King <gideon...> wrote:

    > Hi,
    >
    > In my application, I want to be able to collect Apple system log information about my application, and have been using asl_new(ASL_TYPE_QUERY); to do so.
    >
    > Unfortunately this needs to access any files in /private/var/log/asl/*
    >
    > I understand that there is no way to add an entitlement that will allow access to all the files in a folder. Is there any way of either setting up an entitlement to allow access to all the files in that folder, or another way to read the system logs in a way that is sandbox friendly?

    No. Last I checked, for some crazy reason the sandbox people think that reading your own logs is a security concern because you can then read logs from other components. Personally I think this is ludicrous, but them's the breaks.

    File a radar.

    --Kyle Sluder
  • On Mon, 20 May 2013 22:53:50 +1000, Gideon King said:

    > In my application, I want to be able to collect Apple system log
    > information about my application, and have been using
    > asl_new(ASL_TYPE_QUERY); to do so.
    >
    > Unfortunately this needs to access any files in /private/var/log/asl/*
    >
    > I understand that there is no way to add an entitlement that will allow
    > access to all the files in a folder. Is there any way of either setting
    > up an entitlement to allow access to all the files in that folder, or
    > another way to read the system logs in a way that is sandbox friendly?

    What Kyle said.  Until then:

      <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
      <array>
        <string>/private/var/log/asl/</string>
      </array>

    Cheers,

    --
    ____________________________________________________________
    Sean McBride, B. Eng                <sean...>
    Rogue Research                        www.rogue-research.com
    Mac Software Developer              Montréal, Québec, Canada
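
Added example, not part of the original thread or any poster's code: a Python check that lists the temporary file exceptions in an entitlements plist and marks those that reach the system log directory, which is the exposure Kyle describes (logs from other components become readable). The sample plist is constructed around the key Sean quotes; the function names and the `LOG_ROOT` constant are assumptions of this example.

```python
import plistlib

PREFIX = "com.apple.security.temporary-exception.files."
LOG_ROOT = "/private/var/log/"

# Constructed sample: a sandboxed app's entitlements with the exception from the thread.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
  <array>
    <string>/private/var/log/asl/</string>
  </array>
</dict>
</plist>
"""

def file_exceptions(entitlements_xml):
    """Return sorted (scope, access, path) tuples for each temporary file exception."""
    found = []
    for key, value in plistlib.loads(entitlements_xml).items():
        if not key.startswith(PREFIX):
            continue
        # Remainder looks like "absolute-path.read-only" or "home-relative-path.read-write".
        scope, _, access = key[len(PREFIX):].partition(".")
        paths = [value] if isinstance(value, str) else list(value)
        found.extend((scope, access, p) for p in paths)
    return sorted(found)

def reaches_system_logs(scope, path):
    """True if an absolute-path grant is inside, or a parent of, the system log directory."""
    if scope != "absolute-path":
        return False
    if path.startswith("/var/"):          # /var is a symlink to /private/var on macOS
        path = "/private" + path
    as_dir = path if path.endswith("/") else path + "/"
    return as_dir.startswith(LOG_ROOT) or LOG_ROOT.startswith(as_dir)

def audit(entitlements_xml):
    """Pair every exception with a flag saying whether it exposes system logs."""
    return [(s, a, p, reaches_system_logs(s, p))
            for s, a, p in file_exceptions(entitlements_xml)]

if __name__ == "__main__":
    for scope, access, path, logs in audit(SAMPLE):
        print(f"{access:10} {scope:18} {path}  system-logs={logs}")
```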