Timing-dependent 2203 when sandboxed process spawns child?

[Unknown_User_767]

There appears to be a possible race condition, which results in the intermittent appearance of "SBIE2203 Failed to wait for (121) Sandboxie Service" from the driver.

This can occur when
1/ a shortcut is the first process into a newly created default box,
2/ the shortcut runs a process which immediately spawns a child process (e.g. via NirSoft's NirCmd or Sysinternals PsExec)

It's more likely if it is not the first invokation of the shortcut in question during that logon session (i.e. when loading of NirCmd or PsExec is very fast).

Behaviour varies between machines.

A workaround appears to be to make NirCmd the first process into the sandbox and have it pause 1000ms before spawning any child process.

[tzuk]

OK.

In the next version, I'm changing the mechanism of communications between a sandboxed process and the SbieSvc service.

In version 2.86 it's done through named pipes, in version 2.91 (beta) it will be through LPC ports. The LPC should be less error prone than named pipes, so this problem may be resolved as a side effect of this change.

[Unknown_User_767]

Many thanks for the reply.

Thinking about it, the condition may have been triggered by me sandboxing a process which immediately started a child process, and then itself immediately exited. The error message may have related to the short-lived parent since the child process seemed happy in the sandbox.

Anyway, I also managed to resolve the issue by reversing the order of things, i.e. starting PsExec first and reducing rights to Limited User then running SandboxieStart Firefox. Overkill perhaps to use Limited User and a sandbox but still....

Thanks for a great utility.