I have an app that runs on macOS Monterey. For various reasons, I have to externally add a sandbox entitlement (externally, as in using codesign, rather than rebuilding it) After adding the sandbox entitlement, and resigning appropriately, the app crashes on launch with the following error : ERROR:process_singleton_posix.cc(1186)] Failed to bind() /var/folders/s2/j0z79krx321qg318das1r95_zc0000gn/T/com.funkyapp/S/SingletonSocket So I assumed I needed to give access to this file. So I added the following entitlements to the app, via codesign : <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key> <array> <string>/var</string> <string>/var/folders/s2/j0z79krx321qg318das1r95_zc0000gn/T/com.funkyapp/S/SingletonSocket</string> </array> and also <key>com.apple.security.network.client</key> <true/> <key>com.apple.security.network.server</key> <true/> Unfortunately, it still crashes on load, with the same error. Does anyone know why that is? From my perspective, I gave the appropriate entitlements to bind a socket at that path, what am I missing? Thanks !

When loading a network extension, I see the following error, raised by the trustd process, in the console :Entitlement com.apple.application-identifier=RUXT127L01.com.team.AppName.NetworkExtension is ignored because of invalid application signature or incorrect provisioning profile Entitlement com.apple.security.application-groups=( "RUXT127L01.com.team.AppName" ) is ignored because of invalid application signature or incorrect provisioning profileHowever, I believe my appGroups and bundle identifiers are correctly set in the Entitlements :com.apple.application-identifier RUXT127L01.com.team.AppName.NetworkExtension com.apple.developer.team-identifier RUXT127L01 com.apple.security.application-groups RUXT127L01.com.team.AppName com.apple.security.get-task-allowAlso, when I run "codesign -d -vvvv" or "codesign -d --entitlements" on the systemextension, everything looks fine.Does anyone have any idea what could be off? Or any suggesting of where to look?Note that the system extension seems to work fine anyway, and allows XPC communications.