Skip navigation

collabpp deny file-read-data /Library/Preferences/.GlobalPreferences.plist

15964 Views 30 Replies Latest reply: Nov 26, 2013 1:03 PM by dotpage RSS
  • OoO_Bailey_OoO Level 1 Level 1 (0 points)

    Hi,

     

    Any news on this one? I can see these messages as well, but like you said, there is no collabpp.sb profile to edit.

     

    2012-10-15 1:06:18.000 PM kernel[0]: Sandbox: sandboxd(20365) deny mach-lookup com.apple.coresymbolicationd

    2012-10-15 1:06:19.720 PM sandboxd[20365]: ([20362]) collabpp(20362) deny file-read-metadata /private/var/teamsserver

    2012-10-15 1:06:20.466 PM sandboxd[20365]: ([20362]) collabpp(20362) deny file-read-data /Library/Preferences/.GlobalPreferences.plist

    2012-10-15 1:06:21.327 PM sandboxd[20365]: ([20362]) collabpp(20362) deny file-read-data /Library/Preferences/.GlobalPreferences.plist

  • petrahu Level 1 Level 1 (0 points)

    Edit the file

    /Applications/Server.app/Contents/ServerRoot/System/Library/Sandbox/Profiles/col labpp.sb

     

    add to the list of "allow file-read*":

          (literal "/Library/Preferences/.GlobalPreferences.plist")

    add to the list of "allow file-read-metadata":

         (literal "/private/var/teamsserver")

     

    and reboot.

     

    Regards.

    P.

    Mac Pro, OS X Server
  • OoO_Bailey_OoO Level 1 Level 1 (0 points)

    Hey that worked. Thanks! I was looking in the wrong spot for the profile.

     

    I suppose I could use these general principles for other recognizable sandboxd errors (coresymbolicationd, mdworker).

  • Michael Carter Level 1 Level 1 (0 points)

    Where did you find that documented?

  • tim_r_66 Level 1 Level 1 (30 points)

    Petrahu,

     

    Adding your entries to my collabpp.sb fixed the errors in my log, but I'd be happy if you could explain why?  And, what is impacted by these changes?

     

    Also, I did a sudo mkdir /var/teamsserver and that seems to have cleared up those errors but doesn't seem to have impacted by wiki/webcal/group calendars issues.  Again, are you able/willing to explain the issue with the teamsserver and what is affected by clearning the error?

     

    Thanks!

     

    Tim

     

    Message was edited by: tim_r_66: meant to reply to Petrahu

  • petrahu Level 1 Level 1 (0 points)

    The task of the apparmor process in Linux distributions is  similar.

    There are definitions about process permissions in some configuration files. I did a

    "find / -xdev -name \*collabpp\*",  found this file and my experience helped me.

     

    The missing directory /var/teamsserver seems to be a design error from Apple,

    I don't know.

     

    Regards.

    Petra


  • - Krzysztof - Level 1 Level 1 (5 points)

    I'm trying to remove all errors, that are logged every five minutes.

    Some I found in the discussions and removed them.

     

    Jan 26 10:21:18 server com.apple.launchd[1] (com.apple.collabd.expire[1577]): Exited with code: 1

    Jan 26 10:21:18 server.mydomain.com sandboxd[1581] ([1578]): collabpp(1578) deny file-read-data /Applications/Server.app/Contents/ServerRoot/usr/lib/libpq.5.5.dylib

    Jan 26 10:21:18 server kernel[0]: Sandbox: sandboxd(1581) deny mach-lookup com.apple.coresymbolicationd

    Jan 26 10:21:21 server.mydomain.com collabd[154]: [CSContentService:47 411c000 +11ms] Detected Magic Superuser Auth Token

    I don't know what it is. Can someone help?

  • ajm_from_WA Level 1 Level 1 (10 points)

    I am having similar problem, but i do not see the teamserver user in WGM, even after showing system records....

  • Malbrouck Level 1 Level 1 (10 points)

    It seems the library version has increased. In the collabpp.sb file I found the line:

     

    (literal "/Applications/Server.app/Contents/ServerRoot/usr/lib/libpq.5.4.dylib")

     

    And I added just under it the line:

     

    (literal "/Applications/Server.app/Contents/ServerRoot/usr/lib/libpq.5.5.dylib")

  • alexri Level 1 Level 1 (10 points)

    Even if I activate "show system entries" in Workgroup Manager I can't find the user "teamserver".

    Should I create it? What services creates it in general?

  • - Krzysztof - Level 1 Level 1 (5 points)

    I can't find the callabpp.sb file.

     

    Where should it be?

  • Trismegister Level 1 Level 1 (10 points)

    Some explanation of the sandbox technology and what these .sb file entries mean is given here.

  • dotpage Level 1 Level 1 (0 points)

    Thanks all!

     

    Did it all, have less errors, but this persists:

     

    7/21/13 3:40:05.269 PM sandboxd[757]: ([753]) collabpp(753) deny file-read-data /Library/Preferences/.GlobalPreferences.plist

     

    Report:

     

    collabpp(753) deny file-read-data /Library/Preferences/.GlobalPreferences.plist

     

     

    Process:         collabpp [753]

    Path:            /Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp

    Load Address:    0x1098fa000

    Identifier:      collabpp

    Version:         ??? (???)

    Code Type:       x86_64 (Native)

    Parent Process:  launchd [1]

     

     

    Date/Time:       2013-07-21 15:40:04.749 -0500

    OS Version:      Mac OS X 10.8.3 (12D78)

    Report Version:  8

     

     

    Thread 0:

    0   libsystem_kernel.dylib                  0x000000010caed6c2 semaphore_wait_trap + 10

    1   libxpc.dylib                            0x000000010cbaee1f xpc_connection_send_message_with_reply_sync + 127

    2   CoreFoundation                          0x000000010a4ec1a0 -[CFPrefsPlistSource copyReplyForDaemonMessage:toConnection:error:] + 144

    3   CoreFoundation                          0x000000010a4ecda8 __33-[CFPrefsPlistSource synchronize]_block_invoke_0 + 296

    4   CoreFoundation                          0x000000010a4e8727 withDaemonConnection + 87

    5   CoreFoundation                          0x000000010a4ecb8c -[CFPrefsPlistSource synchronize] + 316

    6   CoreFoundation                          0x000000010a4eb9c1 -[CFPrefsPlistSource synchronizeIfStale] + 113

    7   CoreFoundation                          0x000000010a4eba9a -[CFPrefsPlistSource copyValueForKey:] + 42

    8   CoreFoundation                          0x000000010a4eaa33 -[CFPrefsSearchListSource copyValueForKey:] + 131

    9   CoreFoundation                          0x000000010a4e68a0 __CFPreferencesCopyAppValue_block_invoke_0 + 32

    10  CoreFoundation                          0x000000010a4ea008 +[CFPrefsSearchListSource withSearchListForIdentifier:perform:] + 824

    11  CoreFoundation                          0x000000010a3bf9ca CFPreferencesCopyAppValue + 186

    12  CoreFoundation                          0x000000010a407fb2 CFPreferencesGetAppIntegerValue + 34

    13  CFNetwork                               0x000000010c41eb74 DiagnosticLogging::userDiagnosticLevel() + 102

    14  CFNetwork                               0x000000010c41ead8 DiagnosticLogging::newMsg(LogFormatter::LineInfo const&, DiagnosticLogging::Level) + 22

    15  CFNetwork                               0x000000010c42d8ee DiskCookieStorage::initialize(MemoryCookies const*) + 356

    16  CFNetwork                               0x000000010c42d656 _createByFile(__CFDictionary const*) + 116

    17  CFNetwork                               0x000000010c42d47f _createByIdentifier(__CFDictionary const*) + 495

    18  CFNetwork                               0x000000010c42d118 cacheOrCreate(__CFDictionary const*, PrivateHTTPCookieStorage* (*)(__CFDictionary const*)) + 246

    19  CFNetwork                               0x000000010c42cdf1 _CFHTTPCookieStorageCreateWithProperties + 819

    20  CFNetwork                               0x000000010c42ca65 __copyCookieStorage_block_invoke_0 + 273

    21  libdispatch.dylib                       0x000000010c8ea0b6 _dispatch_client_callout + 8

    22  libdispatch.dylib                       0x000000010c8ea041 dispatch_once_f + 50

    23  CFNetwork                               0x000000010c42c93d StorageSession::copyCookieStorage() const + 83

    24  CFNetwork                               0x000000010c42bfc3 _CFHTTPCookieStorageGetDefault + 47

    25  Foundation                              0x0000000109cd57be -[NSHTTPCookieStorageInternal initWithSharedStorage] + 78

    26  Foundation                              0x0000000109cd573c -[NSHTTPCookieStorage(NSInternal) _initWithSharedStorage] + 90

    27  Foundation                              0x0000000109cd56c3 initSharedCookieManager + 40

    28  libsystem_c.dylib                       0x000000010c983ff0 pthread_once + 87

    29  Foundation                              0x0000000109cd5692 +[NSHTTPCookieStorage sharedHTTPCookieStorage] + 23

    30  WebKit                                  0x0000000109a696cc WKSetCookieStoragePrivateBrowsingEnabled + 28

    31  WebCore                                 0x000000011204edd2 WebCore::Settings::setPrivateBrowsingEnabled(bool) + 34

    32  WebKit                                  0x0000000109a18cb5 -[WebView(WebPrivate) _preferencesChanged:] + 1477

    33  WebKit                                  0x0000000109ac8d7e -[WebView(WebPrivate) _commonInitializationWithFrameName:groupName:] + 2382

    34  WebKit                                  0x0000000109a12e53 -[WebView(WebPrivate) _initWithFrame:frameName:groupName:usesDocumentViews:] + 195

    35  WebKit                                  0x0000000109a12c8f -[WebView initWithFrame:frameName:groupName:] + 255

    36  WebKit                                  0x0000000109a3eaac -[WebView initWithFrame:] + 60

    37  collabpp                                0x00000001098fdcb6 setupWebKitApp + 326

    38  collabpp                                0x00000001098ffe3a main + 1457

    39  libdyld.dylib                           0x000000010c9287e1 start + 0

     

     

    Thread 1:

    0   libsystem_kernel.dylib                  0x000000010caefd16 kevent + 10

    1   libdispatch.dylib                       0x000000010c8ec9ee _dispatch_mgr_thread + 54

     

     

    Thread 2:

    0   libsystem_kernel.dylib                  0x000000010caef6d6 __workq_kernreturn + 10

    1   libsystem_c.dylib                       0x000000010c984d13 _pthread_wqthread + 412

    2   libsystem_c.dylib                       0x000000010c96f1d1 start_wqthread + 13

     

     

    Thread 3:

    0   libsystem_kernel.dylib                  0x000000010caef6d6 __workq_kernreturn + 10

    1   libsystem_c.dylib                       0x000000010c984d13 _pthread_wqthread + 412

    2   libsystem_c.dylib                       0x000000010c96f1d1 start_wqthread + 13

     

     

    Thread 4:

    0   libsystem_kernel.dylib                  0x000000010caef6d6 __workq_kernreturn + 10

    1   libsystem_c.dylib                       0x000000010c984d13 _pthread_wqthread + 412

    2   libsystem_c.dylib                       0x000000010c96f1d1 start_wqthread + 13

     

     

    Binary Images:

           0x1098fa000 -        0x109906fff  collabpp (238.17) <A3A98098-2035-33FB-8D84-BCE39E0E0FCB> /Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp

           0x109a08000 -        0x109b93ff7  com.apple.WebKit (8536 - 8536.28.10) <792FA1F3-68F2-36F8-A070-898B3682F5DE> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit

           0x109c9e000 -        0x109ffbff7  com.apple.Foundation (6.8 - 945.16) <89BD68FD-72C8-35C1-94C6-3A07F097C50D> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation

           0x10a372000 -        0x10a55cff7  com.apple.CoreFoundation (6.8 - 744.18) <A60C3C9B-3764-3291-844C-C487ACF77C2C> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation

           0x10c3c0000 -        0x10c535fff  com.apple.CFNetwork (596.3.3 - 596.3.3) <3739DC8D-8610-3740-80EC-43E130779CB8> /System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork

           0x10c8e8000 -        0x10c8fdff7  libdispatch.dylib (228.23) <D26996BF-FC57-39EB-8829-F63585561E09> /usr/lib/system/libdispatch.dylib

           0x10c926000 -        0x10c929ff7  libdyld.dylib (210.2.3) <F59367C9-C110-382B-A695-9035A6DD387E> /usr/lib/system/libdyld.dylib

           0x10c96e000 -        0x10ca3aff7  libsystem_c.dylib (825.26) <4C9EB006-FE1F-3F8F-8074-DFD94CF2CE7B> /usr/lib/system/libsystem_c.dylib

           0x10cadd000 -        0x10caf8ff7  libsystem_kernel.dylib (2050.22.13) <5A961E2A-CFB8-362B-BC43-122704AEB047> /usr/lib/system/libsystem_kernel.dylib

           0x10cba3000 -        0x10cbc5ff7  libxpc.dylib (140.42) <BBE558BD-5E55-35E4-89ED-1AA6B056D05A> /usr/lib/system/libxpc.dylib

           0x111ff1000 -        0x112faefff  com.apple.WebCore (8536 - 8536.28.10) <89CDA119-0FC8-3D0E-87B8-AB96BE6D1A36> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.frame work/Versions/A/WebCore

     

     

    FILE:

     

    (version 1)

    (import "system.sb")

    (deny default)

     

     

    (allow authorization-right-obtain

           (right-name "system.privilege.admin"))

     

     

    (allow file-read*

           (literal "/")

           (literal "/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/ CSLogging.framework/Versions/A/CSLogging")

           (literal "/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/ CSService.framework/Versions/A/CSService")

           (literal "/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/ PostgreSQLClient.framework/Versions/A/PostgreSQLClient")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/lib/libpq.5.4.dylib")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/lib/libpq.5.5.dylib")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp.strip/..namedfo rk/rsrc")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp/..namedfork")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp/..namedfork/rsr c")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/sbin")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/share/collabd/coreclient/loca les/en.lproj/default.strings")

           (subpath "/Library/Server/Wiki")

           (subpath (param "FileDataPath"))

           (subpath "/Library/Fonts")

           (subpath "/System/Library/Fonts")

           (literal "/private/var/db/mds/messages/se_SecurityMessages")

           (literal "/Library/Server/Wiki/Logs/preview_generator.log")

           (literal "/private/tmp/kick-collabpp/kick")

           (subpath "/Library/Internet Plug-Ins")

           (subpath "/private/var/folders"))

           (literal "/Library/Preferences/.GlobalPreferences.plist")

     

     

    (allow file-read-metadata

           (literal "/Applications")

           (literal "/Applications/Server.app")

           (literal "/Applications/Server.app/Contents")

           (subpath "/Applications/Server.app/Contents/ServerRoot")

           (literal "/Library")

           (literal "/Library/Server")

           (literal "/private/var"))

           (literal "/private/var/teamsserver")

     

     

    (allow file-write*

           (subpath (param "FileDataPath"))

           (literal "/private/var/teamsserver")

           (literal "/private/tmp/kick-collabpp/kick")

           (literal "/Library/Server/Wiki/Logs/preview_generator.log")

           (subpath "/private/var/folders"))

     

     

    (allow iokit-open

           (iokit-user-client-class "IOHIDParamUserClient")

           (iokit-user-client-class "RootDomainUserClient"))

     

     

     

     

    (allow mach-lookup

           (global-name "com.apple.CoreServices.coreservicesd")

           (global-name "com.apple.FontObjectsServer")

           (global-name "com.apple.FontServer")

           (global-name "com.apple.SecurityServer")

           (global-name "com.apple.SystemConfiguration.SCNetworkReachability")

           (global-name "com.apple.SystemConfiguration.configd")

           (global-name "com.apple.cookied")

           (global-name "com.apple.decalog4.incoming")

           (global-name "com.apple.distributed_notifications@1v3")

           (global-name "com.apple.dock.server")

           (global-name "com.apple.ls.boxd")

           (global-name "com.apple.networkd")

           (global-name "com.apple.pasteboard.1")

           (global-name "com.apple.system.opendirectoryd.api")

           (global-name "com.apple.window_proxies")

           (global-name "com.apple.coreservices.appleevents")

           (global-name "com.apple.windowserver.active"))

     

     

    (allow process-exec

           (literal "/System/Library/Frameworks/WebKit.framework/WebKitPluginHost.app/Contents/MacO S/WebKitPluginHost")

           (literal "/Applications/Server.app/Contents/ServerRoot/usr/sbin/collabpp")

           (literal "/bin/chmod"))

     

     

    (allow process-fork)

     

     

    (allow mach-per-user-lookup)

     

     

    (allow network-outbound)

    ;(allow network-outbound

    ;       (literal "/private/var/pgsql_socket/.s.PGSQL.5432")

    ;       (literal "/private/var/run/mDNSResponder")

    ;       (remote tcp "*:80"))

     

     

    (allow system-socket)

     

     

    ;(allow ipc-posix-shm

    ;        (regex #"^/tmp/com.apple.csseed.[0-9]+$"))

     

     

    ; deny file-read-metadata /private/var/db/mds/system/mdsObject.db

    ; deny file-read-metadata /Library/Preferences/com.apple.security.plist

    ; deny file-read-data /Library/Preferences/com.apple.security.plist

    ; deny file-read-metadata /Library/Keychains

    ; deny file-read-metadata /Library/Keychains/System.keychain

    ; deny file-read-metadata /private/var/db/mds/system/mdsObject.db

     

     

     

     

    (allow ipc-posix-shm)

  • Tian Hou Level 1 Level 1 (5 points)

    Maybe misplaced parentheses in (allow file-read* …

     

           (subpath "/private/var/folders"))

           (literal "/Library/Preferences/.GlobalPreferences.plist")

     

    shouldn't that be:

     

           (subpath "/private/var/folders")

           (literal "/Library/Preferences/.GlobalPreferences.plist"))

  • Gordon MacKay Level 1 Level 1 (0 points)

    If not using wiki, then:

     

    launchctl unload -w

    /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/

    com.apple.collabd.plist

     

    will unload the service that is spawning the errors.

     

    If using wiki, see below.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (10)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.