Thank you for your reply. I think my previous message might have caused some confusion. What I meant is that I want my existing app, which is already available on the App Store, to connect to the local Docker socket. I am not trying to connect to a socket that belongs to one of my own apps. The Docker socket is a system resource and not part of any of my apps, and as far as I understand, I cannot assign it to an app group

Thanks for the detailed reply. I’m using sandboxing because I’m planning to ship the app on the App Store. More specifically, I’m planning to add functionality to connect to the local socket in one of my existing apps.

I’m talking about the App Sandbox that I have to enable under Signing & Capabilities for the Mac app I’m developing. I need to keep it enabled because I want to publish the app on the App Store, so simply disabling it isn’t an option. I recently attended a one-on-one lab, and the engineer mentioned that it’s not necessarily a problem if the file isn’t inside the sandbox (which surprised me a bit). We tried to create a temporary exception for the socket file, but I’m still seeing a deny(1) network-outbound... error. Unfortunately, we weren’t able to resolve the issue during the session, so he recommended that I post the question here in the forum. When you mention selecting the socket, do you mean creating a bookmark for it?