Can't pass files in and out of the box via the sandboxed program

[Choosing8478]

I have a hardened sandbox with data protection enabled. The use case for this box is to sandbox Google Chrome and deny access to the filesystem except for one folder. Chrome works fine in this sandbox, except for being able to read or write to the specified allowed folder. I can browse the folder and see file thumbnails and sizes, but when selected for upload the upload fails. When saving files to that folder, they are either saved as tmp files that save correctly but with some temporary name, or they save as zero byte files - I have not found a pattern with when it will do one or the other - and upon saving I get the error (screenshot attached):

(path to specified allowed folder)
You don't have permission to modify files in this network location.
Contact the administrator per permission to make these changes

The folder is a local folder rather than a network drive folder. Why are network permissions coming into play? How do I configure this box to work as intended? Is this a bug? Thank you for taking a look.

config ini file:
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#7f0000,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
Template=BlockAccessWMI
Template=Chrome_Phishing_DirectAccess
Template=Chrome_Force
ConfigLevel=10
UsePrivacyMode=y
UseSecurityMode=y
FileRootPath=D:\Sandboxie\Chrome-Hardened_w_DP
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
ProcessGroup=<StartRunAccess>,chrome.exe
ProcessGroup=<InternetAccess>,chrome.exe
ForceProcess=chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
HideFirmwareInfo=y
RandomRegUID=y
HideDiskSerialNumber=y
HideNetworkAdapterMAC=y
HideNonSystemProcesses=y
ClosePrintSpooler=y
OpenPipePath=D:\Sandboxie\Chrome-Hardened_w_DP-Downloads\
PromptForInternetAccess=y
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

 

[bastik-1001]

The folder is a local folder rather than a network drive folder. Why are network permissions coming into play? How do I configure this box to work as intended? Is this a bug?

I don't think Sandboxie would treat it as being a network file for a reason, but I could be wrong. If it considered it a network file, I assume it is a bug.

Maybe OpenPipePath behaves different from OpenFilePath in that regard.

You could test if Sandboxie is preventing the changes due to them being network files, by removing BlockNetworkFiles=y.

 

[offhub]

1. Store your user data in a folder outside the Sandbox directory.
2. If you must use the Sandbox folder, ensure that the first part of the Download folder name does not match other Sandbox names.

Sandbox name: Chrome-Hardened_w_DP
Download folder: Chrome-Hardened_w_DP-Downloads

 

[Choosing8478]

Thank you both, I got it working! I tried some things and found out that making the following change resolved the issue:

ensure that the first part of the Download folder name does not match other Sandbox names

so now there is OpenPipePath=D:\Sandboxie\CHwDP-Downloads\ and FileRootPathis unchanged. Such a relief, I've been having this problem for more than a year

@DavidXanatos it would be very nice to have this string collision between FileRootPath and OpenPipePath that @offhub pointed out prevented in the UI, when you have the time please. And thanks for making such great software!