Login/Register
NSPOSIXErrorDomain when binding to socket on macOS 10.12
Asked Answered
Solved swiftmacossocketsudpcocoaasyncsocket
I

3

8

I am playing with CocoaAsyncSocket in Swift to bind to a UDP socket and receive messages over the local network.

I am initialising a socket, and trying to bind to a port but am getting a NSPOSIXErrorDomain error. Perhaps indicating some sort of permissions issue?

My code:

import Cocoa
import CocoaAsyncSocket

@NSApplicationMain
class AppDelegate: NSObject, NSApplicationDelegate, GCDAsyncUdpSocketDelegate {
    func applicationDidFinishLaunching(_ aNotification: Notification) {
        let socket = GCDAsyncUdpSocket.init(delegate: self, delegateQueue: DispatchQueue.main)
        do {
            try socket.bind(toPort: 53401)
        } catch let msg {
            NSLog("Error....\(msg)")
        }
    }
}

Full error:

Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo={NSLocalizedDescription=Operation not permitted, NSLocalizedFailureReason=Error in bind() function}
Inkstand answered 13/12, 2017 at 16:5 Comment(1)
I have the same issue (in Objective-C). The strange thing is that when I run the UdpEchoServer sample app supplied with the project, the same bind call works correctly.Leveloff
L
4

I believe it's the generated Xcode entitlements that prevent from binding. I changed those values to false and now the bind works

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <false/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <false/>
</dict>
</plist>
Leveloff answered 12/1, 2018 at 11:2 Comment(2)
AFAIK this disables sandboxing for the macOS App. Apple says in it's Sandbox Guidelines "Apps distributed through the Mac App Store must adopt App Sandbox". So with this solution it would not be possible anymore to publish the app via Mac App Store - is this true?Maggie
I use this macOS app only for local development without publishing to the AppStore so I don't knowLeveloff
R
8

You should enable its network capability

in macOS Catalina Version 10.15.3:

enter image description here

Rumple answered 2/4, 2020 at 13:12 Comment(0)
L
4

I believe it's the generated Xcode entitlements that prevent from binding. I changed those values to false and now the bind works

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <false/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <false/>
</dict>
</plist>
Leveloff answered 12/1, 2018 at 11:2 Comment(2)
AFAIK this disables sandboxing for the macOS App. Apple says in it's Sandbox Guidelines "Apps distributed through the Mac App Store must adopt App Sandbox". So with this solution it would not be possible anymore to publish the app via Mac App Store - is this true?Maggie
I use this macOS app only for local development without publishing to the AppStore so I don't knowLeveloff
H
0

You should not disable the App Sandboxing.

This will at least result in your App being rejected when you try to distribute it to AppStoreConnect.

The proper values to add to the entitlements file are these two:

<key>com.apple.security.network.client</key>
<true/>

<key>com.apple.security.network.server</key>
<true/>

You can also use the GUI:

  1. Go to the target settings of the App
  2. Go to "Signing & Capabilities" in the App target settings
  3. Check the "Incoming network connections (server)" and/or "Outgoing network connections (client)" according to your needs

Note that this will simply create the entries in the entitlements file, so it's probably easier to edit it directly.

Hermon answered 22/11, 2023 at 20:47 Comment(2)
This is basically a repost of the (currently) highest voted answer.Fingering
The currently highest-voted answer is a screenshot for a specific macOS version with no further information besides the hint to the network capability. I'd edit that answer to include my additional information, but I get some error about too many edits being pending.Hermon

© 2022 - 2024 — McMap. All rights reserved.