User Script Sandboxing Misconfigured in default React Native project

[coolsoftwaretyler]

Description

When I attempt to follow the Fabric Native Component guide in the React Native docs, I encountered errors that look like:

error: Sandbox: rsync.samba(76606) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/PlainRN-dolxtgnoeodnpofjdcgzfoepsrdp/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.Info.plist.PNqVDm (in target 'hermes-engine' from project 'Pods')

At first I thought this might come from setting up new groups in Xcode as per the directions. But I found this error is reproduced even after running:

npx @react-native-community/cli@latest init PlainRN
cd PlainRN
yarn run ios

I'm able to get the issue fixed if I change the setting through Xcode in the Pods project:

I'm filing this under the New Architecture bug report since it showed up first for me when trying to do Codegen for Fabric Native components, and the source of the error is coming from the ReactCodegen target in the Pods project. It's not entirely clear to me if this is a codegen issue or maybe some upstream problem with Cocoapods configuration. I found some related issues in Cocoapods. I see in the Gemfile that some prior versions of Cocoapods are excluded:

gem 'cocoapods', '>= 1.13', '!= 1.15.0', '!= 1.15.1'

Perhaps we also need to exclude 1.15.2, which is what you'll see in my npx react-native info output.

Steps to reproduce

npx @react-native-community/cli@latest init PlainRN
cd PlainRN
yarn run ios

React Native Version

0.76.0

Affected Platforms

Build - MacOS

Areas

Fabric - The New Renderer, Codegen

Output of npx react-native info

System:
  OS: macOS 14.6
  CPU: (16) arm64 Apple M3 Max
  Memory: 78.09 MB / 48.00 GB
  Shell:
    version: "5.9"
    path: /bin/zsh
Binaries:
  Node:
    version: 22.9.0
    path: ~/.asdf/installs/nodejs/22.9.0/bin/node
  Yarn:
    version: 1.22.22
    path: ~/.asdf/shims/yarn
  npm:
    version: 10.8.3
    path: ~/.asdf/plugins/nodejs/shims/npm
  Watchman:
    version: 2024.09.30.00
    path: /opt/homebrew/bin/watchman
Managers:
  CocoaPods:
    version: 1.15.2
    path: /Users/tylerwilliams/.asdf/shims/pod
SDKs:
  iOS SDK:
    Platforms:
      - DriverKit 24.0
      - iOS 18.0
      - macOS 15.0
      - tvOS 18.0
      - visionOS 2.0
      - watchOS 11.0
  Android SDK: Not Found
IDEs:
  Android Studio: 2024.2 AI-242.21829.142.2421.12409432
  Xcode:
    version: 16.0/16A242d
    path: /usr/bin/xcodebuild
Languages:
  Java:
    version: 17.0.12
    path: /usr/bin/javac
  Ruby:
    version: 3.3.4
    path: /Users/tylerwilliams/.asdf/shims/ruby
npmPackages:
  "@react-native-community/cli":
    installed: 15.0.0-alpha.2
    wanted: 15.0.0-alpha.2
  react:
    installed: 18.3.1
    wanted: 18.3.1
  react-native:
    installed: 0.76.0
    wanted: 0.76.0
  react-native-macos: Not Found
npmGlobalPackages:
  "*react-native*": Not Found
Android:
  hermesEnabled: true
  newArchEnabled: true
iOS:
  hermesEnabled: true
  newArchEnabled: false

Stacktrace or Logs

▸ Compiling bignum-dtoa.cc
▸ Running script '[CP] Copy XCFrameworks'

❌  error: Sandbox: rsync.samba(76606) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/PlainRN-dolxtgnoeodnpofjdcgzfoepsrdp/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.Info.plist.PNqVDm (in target 'hermes-engine' from project 'Pods')



❌  error: Sandbox: rsync.samba(76606) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/PlainRN-dolxtgnoeodnpofjdcgzfoepsrdp/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.hermes.dFI84M (in target 'hermes-engine' from project 'Pods')


▸ Compiling DebugStringConvertibleItem.cpp
▸ Compiling DebugStringConvertible.cpp
▸ Touching glog_privacy.bundle (in target 'glog-glog_privacy' from project 'Pods')
▸ Touching boost_privacy.bundle (in target 'boost-boost_privacy' from project 'Pods')
▸ Compiling react_native_log.cpp
▸ Compiling ReactPerfettoCategories.cpp
▸ Compiling ReactPerfetto.cpp
▸ Compiling HermesPerfettoDataSource.cpp
▸ Compiling FuseboxTracer.cpp
▸ Compiling BridgeNativeModulePerfLogger.cpp
    Run script build phase '[CP-User] [Hermes] Replace Hermes for the right configuration, if needed' will be run during every build because it does not specify any outputs. To address this issue, either add output dependencies to the script phase, or configure it to run in every build by unchecking "Based on dependency analysis" in the script phase. (in target 'hermes-engine' from project 'Pods')
    Run script build phase 'Bundle React Native code and images' will be run during every build because it does not specify any outputs. To address this issue, either add output dependencies to the script phase, or configure it to run in every build by unchecking "Based on dependency analysis" in the script phase. (in target 'PlainRN' from project 'PlainRN')
    Run script build phase '[CP-User] [RN]Check rncore' will be run during every build because it does not specify any outputs. To address this issue, either add output dependencies to the script phase, or configure it to run in every build by unchecking "Based on dependency analysis" in the script phase. (in target 'React-FabricComponents' from project 'Pods')
    Run script build phase '[CP-User] [RN]Check rncore' will be run during every build because it does not specify any outputs. To address this issue, either add output dependencies to the script phase, or configure it to run in every build by unchecking "Based on dependency analysis" in the script phase. (in target 'React-Fabric' from project 'Pods')

info 💡 Tip: Make sure that you have set up your development environment correctly, by running npx react-native doctor. To read more about doctor command visit: https://github.com/react-native-community/cli/blob/main/packages/cli-doctor/README.md#doctor

error Failed to build ios project. "xcodebuild" exited with error code '65'. To debug build logs further, consider building your app with Xcode.app, by opening 'PlainRN.xcworkspace'.
info Run CLI with --verbose flag for more details.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Reproducer

https://github.com/coolsoftwaretyler/reproducer-user-sandbox-error

Screenshots and Videos

[coolsoftwaretyler]

I tried forcing Cocoapods to version 1.14.3, but there was no change in outcome.

[cipolleschi]

Interesting... this should not happen with a new app created with the template.
Instead, it happens if you create a regular iOS project and you add React Native later.

In this case, we highlighted that step here in the Integrating with Existing Apps guide.

[cipolleschi]

Which version of Xcode are you using?

[JorenVos]

Dealing with exactly the same issue using Xcode 15.4 and Cocoapods versions 1.15.2. The Pods project gets User Script Sandboxing defaulting to YES (every pod install reverts this setting to the default YES-value).

[coolsoftwaretyler]

I'm on Xcode 16.0/16A242d

I'll try a new Expo project and then a CLI project with version 0.75 and see if I run into the same problems.

Will report back shortly.

[coolsoftwaretyler]

With npx create-expo-app@latest, the Expo Go app works fine.

Then I ran:

npx expo prebuild
cd ios 
open testappforuserpermissions.xcworkspace/

Building that from Xcode worked as expected.

Here is the npx react-native info output for that test run:

System:
  OS: macOS 14.6
  CPU: (16) arm64 Apple M3 Max
  Memory: 229.86 MB / 48.00 GB
  Shell:
    version: "5.9"
    path: /bin/zsh
Binaries:
  Node:
    version: 22.9.0
    path: ~/.asdf/installs/nodejs/22.9.0/bin/node
  Yarn:
    version: 1.22.22
    path: ~/.asdf/shims/yarn
  npm:
    version: 10.8.3
    path: ~/.asdf/plugins/nodejs/shims/npm
  Watchman:
    version: 2024.09.30.00
    path: /opt/homebrew/bin/watchman
Managers:
  CocoaPods:
    version: 1.15.2
    path: /Users/tylerwilliams/.asdf/shims/pod
SDKs:
  iOS SDK:
    Platforms:
      - DriverKit 24.0
      - iOS 18.0
      - macOS 15.0
      - tvOS 18.0
      - visionOS 2.0
      - watchOS 11.0
  Android SDK: Not Found
IDEs:
  Android Studio: 2024.2 AI-242.21829.142.2421.12409432
  Xcode:
    version: 16.0/16A242d
    path: /usr/bin/xcodebuild
Languages:
  Java:
    version: 17.0.12
    path: /usr/bin/javac
  Ruby:
    version: 3.3.4
    path: /Users/tylerwilliams/.asdf/shims/ruby
npmPackages:
  "@react-native-community/cli": Not Found
  react: Not Found
  react-native: Not Found
  react-native-macos: Not Found
npmGlobalPackages:
  "*react-native*": Not Found
Android:
  hermesEnabled: true
  newArchEnabled: false
iOS:
  hermesEnabled: true
  newArchEnabled: false

Will try a CLI project on 0.75.x next.

[coolsoftwaretyler]

Then I ran npx @react-native-community/cli@latest init cltesterrepro --version 0.75.4. I chose to install CocoaPods during the installation step.

Afterwards, ran:

cd cltesterrepro/
yarn run ios

That got me similar errors:

❌  error: Sandbox: rsync.samba(65050) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/cltesterrepro-cpwbxfxdtusuovdkysvmogtxkpar/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.Info.plist.gFDtzk (in target 'hermes-engine' from project 'Pods')



❌  error: Sandbox: rsync.samba(65050) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/cltesterrepro-cpwbxfxdtusuovdkysvmogtxkpar/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.hermes.ucZRDV (in target 'hermes-engine' from project 'Pods')

Same build failures when running via Xcode.

Perhaps this is a problem with @react-native-community/cli and not React Native.

[coolsoftwaretyler]

Ran:

npx @react-native-community/cli@14.1.0 init olderclitest --version 0.75.4
# Selected Yes to install CocoaPods during setup
cd olderclitest/
npx react-native run-ios

Similar errors:

❌  error: Sandbox: rsync.samba(75818) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/olderclitest-fpvnjkwfdzckavetrxxfbiticefi/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.Info.plist.wFiuSv (in target 'hermes-engine' from project 'Pods')



❌  error: Sandbox: rsync.samba(75818) deny(1) file-write-create /Users/tylerwilliams/Library/Developer/Xcode/DerivedData/olderclitest-fpvnjkwfdzckavetrxxfbiticefi/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/hermes-engine/Pre-built/hermes.framework/.hermes.1y2kb2 (in target 'hermes-engine' from project 'Pods')

Maybe it's an environment thing, although it's strange that Expo worked fine, even while building with Xcode.

[Jensileus]

I have the exact same problem.

[dentemm]

Same problem, but I cannot bypass since ENABLE_USER_SCRIPT_SANDBOXING is already disabled

[Jensileus]

That is also my problem, it is disabled, but still gives me problems. Why?

[hoangdoanfinx]

same problem to my Github Action Runner, I can still build the app manually from my machine.

[JorenVos]

Same problem, but I cannot bypass since ENABLE_USER_SCRIPT_SANDBOXING is already disabled

Maybe ENABLE_USER_SCRIPT_SANDBOXING is enabled in your Pods-project?

[Jensileus]

I can just speak for myself, but i deleted and re-installed pods again. So how can that happen? And also, mine is totally new - i did not do anything else then making a React-Native app. So just for checking what was wrong with my "old" since that had the same problem I started a new one. And it automatically have the same problem?

[hoangdoanfinx]

Same problem, but I cannot bypass since ENABLE_USER_SCRIPT_SANDBOXING is already disabled

Maybe ENABLE_USER_SCRIPT_SANDBOXING is enabled in your Pods-project?

all my targets are disabled ENABLE_USER_SCRIPT_SANDBOXING but it did not work
fyi: the issue happened from yesterday, before that everything work well

[dentemm]

Came across RN-Reanimated's action runners, which have been failing since yesterday as well (exact same rsync.samba issue). Currently upgrading Xcode and will try some things afterwards

https://github.com/software-mansion/react-native-reanimated/actions/runs/11543283561

[dentemm]

Same problem, but I cannot bypass since ENABLE_USER_SCRIPT_SANDBOXING is already disabled

Maybe ENABLE_USER_SCRIPT_SANDBOXING is enabled in your Pods-project?

Good suggestion, but didn't work

[Jensileus]

It's started yesterday as well. it worked saturday, but yesterday problems all over with rsync.sandbox.

[krystofwoldrich]

I got the same issue,
after disabling scripts sandboxing for Pods.

I'm getting errors from replace-hermes-version.js

Node found at: /Users/krystofwoldrich/.nvm/versions/node/v20.15.0/bin/node
Preparing the final location
/Users/krystofwoldrich/repos/react-native-versions/0.76.0/RnDiffApp/ios/Pods
Extracting the tarball
tar: Error opening archive: Failed to open '/Users/krystofwoldrich/repos/react-native-versions/0.76.0/RnDiffApp/ios/Pods/hermes-engine-artifacts/hermes-ios-0.76.0-release.tar.gz'
node:child_process:965
    throw err;
    ^

Error: Command failed: tar -xf /Users/krystofwoldrich/repos/react-native-versions/0.76.0/RnDiffApp/ios/Pods/hermes-engine-artifacts/hermes-ios-0.76.0-release.tar.gz -C hermes-engine
tar: Error opening archive: Failed to open '/Users/krystofwoldrich/repos/react-native-versions/0.76.0/RnDiffApp/ios/Pods/hermes-engine-artifacts/hermes-ios-0.76.0-release.tar.gz'

[helloagain-dev]

in our case, the problem is related to the latest release of xcodeproj (1.26.0) ruby library
https://github.com/CocoaPods/Xcodeproj/releases/tag/1.26.0
pinning it to 1.25 in gem file should fix the issue for now

gem 'xcodeproj', '1.25.1'

[cipolleschi]

Yes, our CI is red as well.
As @helloagain-dev mentioned, Xcodeproj released yesterday and that broke the build for almost everyone.

I'll pin the gem to the right value in the Gemfile, we will release 0.76.1 today.

cc. @blakef @cortinico

--

@krystofwoldrich I don't think that the two are related. The sandbox scripting prevents for scripts to run. In your error, the script is running but it fails to open the tarball. So you might missing the tarball or there might be something else going on.

[dentemm]

@helloagain-dev great find, works like a charm 👏

[cipolleschi]

Opened a issue here: CocoaPods/Xcodeproj#989

[krystofwoldrich]

@cipolleschi Thanks, yes, it was unrelated. Cleaning my Pods and rerunning pod install downloaded the tarballs.

[hoangdoanfinx]

@cipolleschi thanks, you saved my life

[migueldaipre]

Fixed in #47237

[SwetaTanwar]

Able to unblock with the same error by explicitly setting the flag as NO in podfile

installer.pods_project.targets.each do |target|
      target.build_configurations.each do |config|
        config.build_settings['ENABLE_USER_SCRIPT_SANDBOXING'] = 'NO'
      end
end

[kiki-eng]

Hello everyone, i want to know if this is some sort of new problem, i only push my latest update to github yesterday and since then have been experiencing this error Sandbox: mkdir(19746) deny(1) file-write-create /Users/olawaleabosede/Library/Developer/Xcode/DerivedData/My750hrstracker-erjbkgyqqlopoegusonsambuhznx/Build/Intermediates.noindex/Pods.build/Debug-iphonesimulator/React-rncore.build/DerivedSources/generated
have done everything suggested by AI nothing is working

[iameli]

For anyone like me whose CI environment upgraded underneath you and broke your RN builds, this gets the job done:

sudo gem uninstall xcodeproj -x --ignore-dependencies
sudo gem install xcodeproj -v 1.25.1

I didn't have a Gemfile in the repo at all so that approach didn't help me much.

[kigh143]

in our case, the problem is related to the latest release of xcodeproj (1.26.0) ruby library https://github.com/CocoaPods/Xcodeproj/releases/tag/1.26.0 pinning it to 1.25 in gem file should fix the issue for now

gem 'xcodeproj', '1.25.1'

This worked for me thank you.

[krystofwoldrich]

Updating to Cocoapods 1.16.0 https://github.com/CocoaPods/CocoaPods/releases/tag/1.16.0 also fixed the issue for me.

From the changelog:

Update project generator to set ENABLE_USER_SCRIPT_SANDBOXING = NO = NO` on pod targets to fix build failures with vendored frameworks.

[alexma01]

@krystofwoldrich I can confirm that with CocoaPods 1.6.1, it works!

[ko100v-xgt]

@alexma01 can you provide your Gemfile? Did you remove gem 'xcodeproj', '< 1.26.0' and set gem cocoapods, 1.6.1?

[vladimirevstratov]

sudo gem uninstall xcodeproj -x --ignore-dependencies
sudo gem install xcodeproj -v 1.25.1

thank you, this helps with cocoapods version 1.15.2

[SaadBinWaheed-og]

Added both these files in my Gemfile but same error:

gem 'cocoapods', '1.16.0'
gem 'xcodeproj', '1.25.1'

[joaogabriellima]

@SaadBinWaheed-og cocoapods 1.16 requires xcodeproj 1.26, here we solved adding this line on the gemfile:

gem 'cocoapods', '=1.16.0'

[imchristianlowe]

sudo gem install xcodeproj -v 1.25.1

You are a legend. This worked for me. Thank you!

[habtamu]

uninstalling xcodeproj version 1.26.0 works for me.
open terminal and uninstall 6. xcodeproj-1.26.0

~ gem uninstall xcodeproj
Select gem to uninstall:

1. xcodeproj-1.18.0
2. xcodeproj-1.19.0
3. xcodeproj-1.24.0
4. xcodeproj-1.25.0
5. xcodeproj-1.25.1
6. xcodeproj-1.26.0
7. All versions

6
Successfully uninstalled xcodeproj-1.26.0

[jeremiahlachica]

xcodeproj-1.25.1 works for me.

I had to uninstall all versions using:
gem uninstall xcodeproj

Then install 1.25.1:
sudo gem install xcodeproj -v 1.25.1

[cipolleschi]

1.25.x is fine.
1.26 only works with version 1.16 of Cocoapods.

[saminium]

1.16

Thanks

[chohra-med]

updating the Pod version to the latest fix the issue

sudo gem update --system
sudo gem install cocoapods