-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate removing MacOS entitlements on the dotnet host #50185
Comments
Tagging subscribers to this area: @vitek-karas, @agocke, @VSadov Issue DetailsInvestigate if these dotnet host current entitlements are necessary: com.apple.security.cs.allow-unsigned-executable-memory https://github.com/dotnet/runtime/blob/main/eng/pipelines/common/entitlements.plist There will be testing and investigation to make sure removing them doesn't break anything. Oded Hanson: We only needed com.apple.security.cs.allow-jit but, indeed the process doesn't inherit the default DYLIB search paths and we need to manually add :/usr/local/lib:/usr/lib to the NATIVE_DLL_SEARCH_DIRECTORIES. I guess com.apple.security.cs.allow-dyld-environment-variables would have solved that, instead of adding the paths explicitly.
|
/cc @VSadov |
|
I think this is done. #51294 closed out the only change we'd likely make here. |
Investigate if these dotnet host current entitlements are necessary:
com.apple.security.cs.allow-unsigned-executable-memory
com.apple.security.cs.allow-dyld-environment-variables
https://github.com/dotnet/runtime/blob/main/eng/pipelines/common/entitlements.plist
There will be testing and investigation to make sure removing them doesn't break anything.
Oded Hanson:
We only needed com.apple.security.cs.allow-jit but, indeed the process doesn't inherit the default DYLIB search paths and we need to manually add :/usr/local/lib:/usr/lib to the NATIVE_DLL_SEARCH_DIRECTORIES. I guess com.apple.security.cs.allow-dyld-environment-variables would have solved that, instead of adding the paths explicitly.
The text was updated successfully, but these errors were encountered: