Sandbox bash72986 deny1 file-write-data /Users/XXX/ios/Pods/resources-to-copy-XXXShareExtension.txt
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
The error Sandbox: bash(72986) deny(1) file-write-data /Users/XXX/ios/Pods/resources-to-copy-XXXShareExtension.txt occurs during iOS builds, typically when using CocoaPods in a React Native or native iOS project. This is a macOS sandbox violation where a build script tries to write to the Pods directory but is denied by the operating system's sandboxing security mechanism.
Why This Happens
Starting with Xcode 14 and macOS Ventura, Apple tightened the sandboxing rules for build scripts (shell script build phases). By default, Xcode now sandboxes user scripts, preventing them from writing to locations outside the build directory. CocoaPods' script phases (like [CP] Copy Pods Resources) attempt to write files into the Pods directory, which the sandbox blocks.
The key factors:
- Xcode build setting:
ENABLE_USER_SCRIPT_SANDBOXINGdefaults toYESin new projects on Xcode 14+ - CocoaPods scripts: CocoaPods adds build phase scripts that write intermediate files to the Pods directory
- Share extensions: Extensions like Share Extensions have additional resource copying steps that trigger the violation
How to Fix It
Option 1: Disable User Script Sandboxing (Recommended for CocoaPods)
In your Xcode project, disable the sandbox for build scripts:
Via Xcode UI:
- Select your project in the navigator
- Select the target that is failing (e.g., your Share Extension target)
- Go to Build Settings
- Search for User Script Sandboxing
- Set
ENABLE_USER_SCRIPT_SANDBOXINGto No
Via Podfile (applies to all targets):
Then run:
Option 2: Disable for the Main Project via xcconfig
Add to your .xcconfig file or create one:
Option 3: Update CocoaPods
Newer versions of CocoaPods (1.13+) have better support for sandboxed builds:
CocoaPods 1.13+ declares proper input/output files for its script phases, which satisfies the sandbox requirements without disabling it entirely.
Option 4: Declare Script Input/Output Files
If you want to keep sandboxing enabled, you can manually declare the files that the script needs to access. In Xcode, select the build phase script and add:
- Input Files: Files the script reads
- Output Files: Files the script writes
For the [CP] Copy Pods Resources phase, add:
as an output file.
React Native Specific Fix
For React Native projects, the issue often appears after upgrading Xcode. Add this to your Podfile:
Verifying the Fix
After applying the fix:
Common Pitfalls
- Applying only to the Pods project: The sandbox setting must be disabled on both the Pods project and your app targets. If you only disable it for Pods, the app target's script phases may still fail.
- Not cleaning after changes: After modifying the Podfile or build settings, always clean the build folder and derived data. Stale cached data can make it appear the fix did not work.
- Security implications: Disabling script sandboxing reduces build-time security. For open-source projects or CI/CD environments, this is generally acceptable. For production environments, prefer updating CocoaPods to a version that supports sandboxing natively.
- Multiple targets: If your project has multiple targets (app, share extension, widget, etc.), apply the fix to all of them. Each target has its own
ENABLE_USER_SCRIPT_SANDBOXINGsetting. - Xcode version differences: This issue does not appear on Xcode 13 or earlier. If team members use different Xcode versions, the build may work for some but fail for others.
Summary
- This error is caused by macOS sandboxing build scripts in Xcode 14+
- Quickest fix: set
ENABLE_USER_SCRIPT_SANDBOXING = NOin build settings - Best applied via
post_installin your Podfile to affect all targets - Updating CocoaPods to 1.13+ provides native sandbox compatibility
- Always clean build artifacts and derived data after applying the fix
