Investigate removing MacOS entitlements on the dotnet host #50185
Comments
|
Tagging subscribers to this area: @vitek-karas, @agocke, @VSadov Issue DetailsInvestigate if these dotnet host current entitlements are necessary: com.apple.security.cs.allow-unsigned-executable-memory https://github.com/dotnet/runtime/blob/main/eng/pipelines/common/entitlements.plist There will be testing and investigation to make sure removing them doesn't break anything. Oded Hanson: We only needed com.apple.security.cs.allow-jit but, indeed the process doesn't inherit the default DYLIB search paths and we need to manually add :/usr/local/lib:/usr/lib to the NATIVE_DLL_SEARCH_DIRECTORIES. I guess com.apple.security.cs.allow-dyld-environment-variables would have solved that, instead of adding the paths explicitly.
|
dotnet-issue-labeler
bot
added
the
untriaged
|
/cc @VSadov |
|
|
jeffschwMSFT
removed
the
untriaged
|
I think this is done. #51294 closed out the only change we'd likely make here. |
ghost
locked as resolved and limited conversation to collaborators
Investigate if these dotnet host current entitlements are necessary:
com.apple.security.cs.allow-unsigned-executable-memory
com.apple.security.cs.allow-dyld-environment-variables
https://github.com/dotnet/runtime/blob/main/eng/pipelines/common/entitlements.plist
There will be testing and investigation to make sure removing them doesn't break anything.
Oded Hanson:
We only needed com.apple.security.cs.allow-jit but, indeed the process doesn't inherit the default DYLIB search paths and we need to manually add :/usr/local/lib:/usr/lib to the NATIVE_DLL_SEARCH_DIRECTORIES. I guess com.apple.security.cs.allow-dyld-environment-variables would have solved that, instead of adding the paths explicitly.
The text was updated successfully, but these errors were encountered: