Fix 'dotnet watch' with sandboxed Mac Catalyst apps by rolfbjarne · Pull Request #25738 · dotnet/macios

rolfbjarne · 2026-06-18T14:05:47Z

When dotnet watch launches a sandboxed Mac Catalyst app, DOTNET_STARTUP_HOOKS points to a DLL in the .NET SDK directory, which is outside the app's sandbox. The app fails with Access is denied.

Fix:

In _PrepareRunDesktop, copy the startup hook DLL into the app's sandbox container directory (~/Library/Containers/<BundleId>/Data/tmp/)
Update RuntimeEnvironmentVariable for DOTNET_STARTUP_HOOKS to point to the new path
For RunWithOpen=false, wrap RunCommand with env to override the env var (since dotnet watch sets it independently)

Test changes:

Add enableSandbox parameter and a new [TestCase (ApplePlatform.MacCatalyst, false, true)] variation
Add com.apple.security.network.client entitlement (needed for hot reload WebSocket; CompileEntitlements auto-adds it for Debug sandboxed builds, but only when the sandbox is detected before CustomEntitlements are processed)
Put the test log file in the sandbox container when sandboxed

Fixes #25700.

🤖 Pull request created by Copilot

Add a new test case variation that enables the app sandbox for the Mac Catalyst HotReloadTestApp by passing EnableSandbox=true as an environment variable to 'dotnet watch'. The shared.csproj conditionally adds the com.apple.security.app-sandbox entitlement when EnableSandbox is set. This test is expected to fail currently because 'dotnet watch' doesn't work with sandboxed apps yet. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

When 'dotnet watch' launches a sandboxed app, the DOTNET_STARTUP_HOOKS environment variable points to a DLL in the .NET SDK directory, which is outside the app's sandbox. The app fails to load it with 'Access is denied'. Fix this by: 1. In _PrepareRunDesktop, copying the startup hook DLL into the app's sandbox container directory (~/Library/Containers/<ApplicationId>/Data/tmp/) 2. Updating RuntimeEnvironmentVariable for DOTNET_STARTUP_HOOKS to point to the new container path 3. For RunWithOpen=false, wrapping RunCommand with 'env' to override the DOTNET_STARTUP_HOOKS environment variable (since dotnet watch sets it directly in the child process environment, independent of RuntimeEnvironmentVariable items) Also add com.apple.security.network.client to the sandbox entitlements in the test app, which is needed for the hot reload WebSocket connection. The CompileEntitlements task normally auto-adds this for Debug sandboxed builds, but it checks for the sandbox BEFORE CustomEntitlements are processed, so it doesn't detect the sandbox when it's added via CustomEntitlements. Also put the test app's log file in the sandbox container directory when running sandboxed, since the app can't write to arbitrary paths. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Use the canonical _BundleIdentifier property (set by _ReadAppManifest) for the sandbox container path, and add _ReadAppManifest to DependsOnTargets to ensure it's available. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

vs-mobiletools-engineering-service2 · 2026-06-22T19:24:42Z

✅ [CI Build #cc61cba] Prepare .NET Release succeeded ✅

📦 Published NuGet packages (32 packages)

iOS

Microsoft.iOS.Ref.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Runtime.ios-arm64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Runtime.ios.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Runtime.iossimulator-arm64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Runtime.iossimulator-x64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Sdk.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Templates.26.5.11695-net11-p6.nupkg
Microsoft.iOS.Windows.Sdk.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.NET.Sdk.iOS.Manifest-11.0.100-preview.6.26.5.11695-net11-p6.nupkg

MacCatalyst

Microsoft.MacCatalyst.Ref.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.MacCatalyst.Runtime.maccatalyst-arm64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.MacCatalyst.Runtime.maccatalyst-x64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.MacCatalyst.Runtime.maccatalyst.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.MacCatalyst.Sdk.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.MacCatalyst.Templates.26.5.11695-net11-p6.nupkg
Microsoft.NET.Sdk.MacCatalyst.Manifest-11.0.100-preview.6.26.5.11695-net11-p6.nupkg

macOS

Microsoft.macOS.Ref.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.macOS.Runtime.osx-arm64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.macOS.Runtime.osx-x64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.macOS.Runtime.osx.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.macOS.Sdk.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.macOS.Templates.26.5.11695-net11-p6.nupkg
Microsoft.NET.Sdk.macOS.Manifest-11.0.100-preview.6.26.5.11695-net11-p6.nupkg

tvOS

Microsoft.NET.Sdk.tvOS.Manifest-11.0.100-preview.6.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Ref.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Runtime.tvos-arm64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Runtime.tvos.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Runtime.tvossimulator-arm64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Runtime.tvossimulator-x64.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Sdk.net11.0_26.5.26.5.11695-net11-p6.nupkg
Microsoft.tvOS.Templates.26.5.11695-net11-p6.nupkg

Other

Sharpie.Bind.Tool.26.5.0.695-net11-p6.nupkg

Pipeline on Agent
Hash: cc61cbaef7573a2f0fccb8ede7471fe85970fe64 [PR build]

rolfbjarne · 2026-06-23T16:04:21Z

~~Blocked on dotnet/sdk#54922.~~ Using a workaround.

This reverts commit 7f68f57.

…-maccatalyst

vs-mobiletools-engineering-service2 · 2026-06-24T13:15:33Z

✅ [PR Build #481b3a8] Build passed (Detect API changes) ✅

Pipeline on Agent
Hash: 481b3a886bddbb71cb8c6a7fc46c282f1a342da5 [PR build]

vs-mobiletools-engineering-service2 · 2026-06-24T13:24:12Z

✅ [PR Build #481b3a8] Build passed (Build packages) ✅

Pipeline on Agent
Hash: 481b3a886bddbb71cb8c6a7fc46c282f1a342da5 [PR build]

vs-mobiletools-engineering-service2 · 2026-06-24T13:25:32Z

✅ API diff for current PR / commit

NET (empty diffs)

iOS: vsdrops gist ( No breaking changes )
tvOS: vsdrops gist ( No breaking changes )
MacCatalyst: vsdrops gist ( No breaking changes )
macOS: vsdrops gist ( No breaking changes )

✅ API diff vs stable

NET (empty diffs)

iOS: vsdrops gist ( No breaking changes )
tvOS: vsdrops gist ( No breaking changes )
MacCatalyst: vsdrops gist ( No breaking changes )
macOS: vsdrops gist ( No breaking changes )

ℹ️ Generator diff

Generator Diff: vsdrops (html) vsdrops (raw diff) gist (raw diff) - Please review changes)

Pipeline on Agent
Hash: 481b3a886bddbb71cb8c6a7fc46c282f1a342da5 [PR build]

vs-mobiletools-engineering-service2 · 2026-06-24T14:50:38Z

✅ [PR Build #481b3a8] Build passed (Build macOS tests) ✅

Pipeline on Agent
Hash: 481b3a886bddbb71cb8c6a7fc46c282f1a342da5 [PR build]

vs-mobiletools-engineering-service2 · 2026-06-24T15:30:12Z

🔥 [CI Build #481b3a8] Test results 🔥

Test results

❌ Tests failed on VSTS: test results

0 tests crashed, 3 tests failed, 225 tests passed.

Failures

❌ monotouch tests (macOS)

2 tests failed, 22 tests passed.

Failed tests

monotouch-test/macOS/Debug (trimmable static registrar): TimedOut (Execution timed out after 1200 seconds.
Test run crashed)
monotouch-test/macOS/Release (trimmable static registrar, NativeAOT, x64): Failed (Test run failed.
Tests run: 3716 Passed: 3581 Inconclusive: 4 Failed: 1 Ignored: 134)

Html Report (VSDrops) Download

❌ Tests on macOS Tahoe (26) tests [attempt 2]

1 tests failed, 4 tests passed.

Failed tests

monotouch-test: Failed (exit code 2)
- No test failure details available. stderr output:
  - 2026-06-24 08:26:22.381 monotouchtest[19602:5271001] [PASS] VeryGeneric
  - 2026-06-24 08:26:22.382 monotouchtest[19602:5271001] [PASS] WrapperTypeLookupTest
  - 2026-06-24 08:26:22.382 monotouchtest[19602:5271001] Xamarin.Tests.RuntimeTest : 341.017 ms
  - 2026-06-24 08:26:22.383 monotouchtest[19602:5271001] Xamarin.Tests : 341.076 ms
  - 2026-06-24 08:26:22.383 monotouchtest[19602:5271001] Xamarin : 352.3938 ms
  - 2026-06-24 08:26:22.383 monotouchtest[19602:5271001] bindings-test : 352.4641 ms
  - 2026-06-24 08:26:22.394 monotouchtest[19602:5269965] Tests run: 3636 Passed: 3626 Inconclusive: 10 Failed: 0 Ignored: 134
  - 2026-06-24 08:26:22.394 monotouchtest[19602:5269965] AutoRun (): completed test run on main thread
  - 2026-06-24 08:26:22.395 monotouchtest[19602:5269965] Exiting test run with success
  - make: *** [exec-monotouch-test] Error 1

Html Report (VSDrops) Download

Successes

✅ assembly-processing: All 1 tests passed. Html Report (VSDrops) Download
✅ cecil: All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (iOS): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (MacCatalyst): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (macOS): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (Multiple platforms): All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests (tvOS): All 1 tests passed. Html Report (VSDrops) Download
✅ framework: All 2 tests passed. Html Report (VSDrops) Download
✅ fsharp: All 4 tests passed. Html Report (VSDrops) Download
✅ generator: All 5 tests passed. Html Report (VSDrops) Download
✅ interdependent-binding-projects: All 4 tests passed. Html Report (VSDrops) Download
✅ introspection: All 6 tests passed. Html Report (VSDrops) Download
✅ linker (iOS): All 21 tests passed. Html Report (VSDrops) Download
✅ linker (MacCatalyst): All 21 tests passed. Html Report (VSDrops) Download
✅ linker (macOS): All 21 tests passed. Html Report (VSDrops) Download
✅ linker (tvOS): All 21 tests passed. Html Report (VSDrops) Download
✅ monotouch (iOS): All 21 tests passed. Html Report (VSDrops) Download
✅ monotouch (MacCatalyst): All 24 tests passed. Html Report (VSDrops) Download
✅ monotouch (tvOS): All 21 tests passed. Html Report (VSDrops) Download
✅ msbuild: All 2 tests passed. Html Report (VSDrops) Download
✅ sharpie: All 1 tests passed. Html Report (VSDrops) Download
✅ windows: All 3 tests passed. Html Report (VSDrops) Download
✅ xcframework: All 4 tests passed. Html Report (VSDrops) Download
✅ xtro: All 1 tests passed. Html Report (VSDrops) Download

macOS tests

✅ Tests on macOS Sonoma (14): All 5 tests passed. [attempt 2] Html Report (VSDrops) Download
✅ Tests on macOS Sequoia (15): All 5 tests passed. [attempt 2] Html Report (VSDrops) Download