[MacRuby-devel] is there a sane way to use/create XPC services via macruby?

Jordan K. Hubbard jkh at apple.com
Tue Oct 11 17:59:25 PDT 2011


First, let me note that any communications at WWDC surrounding the Mac App Store and App Sandboxing are still under NDA and, as such, should not be publicly discussed until such information is released to the general public.

Second, I'd just like to clarify that XPC services and sandboxing should not be strictly conflated.  XPC does indeed enable easy privilege separation, but it is not in itself a requirement for App Sandboxing.   How an app should be effectively sandboxed depends entirely on the app, and in some cases that may leverage XPC, and in other cases (where the app is comparatively simple) it may not.

- Jordan

On Oct 11, 2011, at 12:56 AM, Matt Aimonetti wrote:

> MacRuby fully supports sandboxing: http://ofps.oreilly.com/titles/9781449380373/_one_step_deeper.html#_sandboxing
> 
> I don't have any experience with XPC: http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html  but in theory we should totally support that. A nice wrapper would be great tho.
> 
> I haven't read anything about XPC services being a requirement, but devs can and probably should sandbox their MacRuby apps.
> 
> - Matt
> 
> 
> On Tue, Oct 11, 2011 at 12:29 AM, Takao Kouji <kouji at takao7.net> wrote:
> Does anyone have any idea about the question below?
> 
> ----- on IRC #macruby channel -----
> 03:58 Aphelion: is there a sane way to use/create XPC services via macruby?
> 
> 11:10 takaokouji: Aphelion: Sorry, I don't know XPC. What is XPC? XML-RPC?
> 
> 13:08 Aphelion: takaokouji: IPC/sandboxing technology that apple is requiring all mac app store applications to make use of as of the first of next month to get new apps or updates approved
> 13:10 Aphelion: takaokouji: so if you need to talk to the network, you create a service with permission to do so and the main application remains completely sandboxed, only communicating with the service. or if you need to interact with another app via apple events, you make a service that does this and communicate with that. it's to decrease the potential surface area of any given vulnerability.
> 13:11 Aphelion: takaokouji: and, well... there's no choice in the matter. nothing will make it into the app store without using app sandboxing at least, which realistically means making use of xpc services, as of the first of next month. period.
> -----
> 
> ---
> TAKAO Kouji <kouji at takao7.net>
> blog: http://d.hatena.ne.jp/kouji0625/
> twitter: takaokouji / projects: ruby, s7-seven
> 
> _______________________________________________
> MacRuby-devel mailing list
> MacRuby-devel at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/macruby-devel
