[launchd-dev] launchd & mDNSResponder: "Policy denied Mach service lookup"

Björn Giesler bjoern at giesler.de
Mon Aug 10 12:18:01 PDT 2009


Hi,

Am 10.08.2009 um 20:52 schrieb Damien Sorresso:
> /usr/share/sandbox/mDNSResponder.sb

Thanks. That was it, indeed. Strangely, what I did was comment out  
(debug deny) and comment in (debug allow), then started mDNSResponder.  
That filled my log with all sorts of NET_OUTBOUND ALLOW messages, but  
the "Policy denied" messages were gone. So I restored the commenting,  
and now it works. I changed nothing else.

Oh, I did change one more thing: mDNSResponder.sb has access bits rw- 
r--r-- now, was r--r--r--. But that can't have been it, can it? Surely  
sandbox doesn't need to write these config files?

Regards,
Björn


More information about the launchd-dev mailing list