Clean up your Sandbox

Ever look at Console and suspect that your Mountain Lion is using sandbox as its litter box... and it has diarrhea? You know the smelltale signs: sandboxd denying some of Apple's own processes access to file-reda-metadata in various places, and denying Mach lookup to others in other places. Well, I finally found how to adjust the sandbox and get rid of these messages!

There are some files in /usr/share/sandbox which contain the sandbox preferences for the various Apple processes, such as com.apple.audio.coreaudiod.sb, mds.sb, et al. You may be accustomed to seeing this kind of crap:

- 7/1/13 12:07:32.169 AM sandboxd[2954]: ([2952]) launchctl(2952) deny file-read-data /private/var/db/launchd.db/com.apple.launchd.peruser.503/overrides.plist

If so then go find the appropriate .sb file and edit it to add the path that's currently being sandboxed. It got rid of a bunch of coreaudiod errors I was getting, and I know a lot of people have been getting sandbox issues with mds, Spotlight's daemon.