As someone working in developer tools for a company with thousands of people developing software on MacBooks, MAN do I resent SIP. I've recently started calling it "Systems Implementation Prevention".
It's incredible that it's 2024 and I can't cobble together anything vaguely container-like on macOS because:
* bind mounts don't exist (?!)
* clonefile() could maaaybe do the job but doesn't work cross-volume and a lot of the stuff outside of /Users is a different volume
* there's no filesystem namespace.
* chroot doesn't work either because /usr/lib/libsystem.B.dylib is required, but also pretend.
* And it sounds like chroot runs afoul of some SIP rule nowadays even if you can get past the above.
* A lot of this could be worked around with FUSE, but in order to turn that on, we'd have to turn off a lot of SIP.
The closest we can get without virtualization is sandbox-exec, which just allows allowing/denying file reads by path, with no path translation. And also is deprecated.
Nevermind that dtrace exists but you're not allowed to use it either.
Truly, the worst UNIX.
> * A lot of this could be worked around with FUSE, but in order to turn that on, we'd have to turn off a lot of SIP.
Didn't the latest MacOS update add something similar with userspace filesystems
> Nevermind that dtrace exists but you're not allowed to use it either.
You're not losing anything, dtrace even without SIP has been broken and unusable for at least 2 major versions now.
Why do you want to avoid virtualization?
> Truly, the worst UNIX.
You're not the target market.
:(
After upgrading, I was prompted to allow the AltTab utility to control something "for one month," or to open Settings. So I opened Settings and everything was already enabled.
The question is who is clamoring for all this BS? The cynic would say that Apple is prepping us all for the eventual iOSification of Macs, where you can't do squat. Which will leave only Linux as a viable (AKA tolerable) computing platform.
To be fair, I switched away from Windows back in ~2004 and used Macos pretty much exclusively since then, with the exception of Linux, which wasn't feeling as good for desktop.
I switched again, in Dec 2023 to Linux as desktop, due to the kind of issues we're discussing ITT, and also due to Apple's "buy new, you can't repair" effective hardware policy.
I setup a couple of Windows 11 machines with WSL too, and tend to use them a lot more than I expected. There's issues, and I'm still figuring some things out wrt to doing things in Windows (not WSL) but the experience is significantly better than expected.
I'm not a fan of M$ but Apple are really taking the cake for anti-user hostility these days.
and iTerm, Zoom, WebEx, Teams, talosctl... All kinds of prompts like that only to find everything enabled.
it’s pretty obnoxious especially when it’s something vital that I use my mac for everyday like displaylink or google chrome audio sharing or microsoft teams
I've got the same on a stock M1 MBP. At some point in the past I've disabled SIP - probably when I was playing around with FUSE.
Did all the Betas - never had any problem. However, after installing the RC/final version of Sequoia, I suddenly had a popup after bootup about an updated extension from "Apple Inc." and to please allow the updated version.
In Settings --> Privacy I was able to "Allow" the extension, however, this also requires a reboot. And after the reboot, the same popup appeared again.
I've put in a ticket - FB15087179.
Apple replied and said to first, toggle Activation Lock/Find My and wait 5+ minutes in-between. (Either off - wait 5mins - on, or on - wait 5mins - off.) Then boot into the bootloader and turn SIP on, then back off again.
However, when trying to turn SIP on, I get the same error as OP:
SDErrorDomain error 104.
I've found another user on Twitter with the same issue: https://x.com/davidhsherman13/status/1833264669793923151
After reporting my findings in the Apple Feedback thing, I've yet to get further instructions to try.
A Reddit user found a solution: https://old.reddit.com/r/MacOSBeta/comments/1fhl39c/system_e...
I've noticed he disabled "Find My Mac" in the first step and only enabled it again after everything was done.
This seems to be the key. I suspect the "SDErrorDomain error 104" is related to the "Activation Lock" aka. "Find My Mac".
I've disabled Find My Mac, booted into recovery and was finally able to set it to "Full Security" and back to "Reduced Security" again without problems. After that and a fresh boot, the popup message about the updated extension was gone.
Enabled "Find My Mac" again (after setting the system to "Full Security" first - as that's the setting I intended to use) and all is well.
nb. SIP was enabled for me the whole time. It was the security mode running on "Reduced Security" (both checkboxes checked) which was probably the cause for the "updated extension" issue.
For everyone who reads the title and instantly assumes this is something Apple has done—this is a tech support request for an error this person has encountered.
I did a .ipsw restore of my M1 Mac mini to 15 Sequoia RC last week and have since gone in and lowered the Security Policy to install ZFS kexts. I wonder if your issue is a bug relating to your multi MacOS boot setup? Have you posted this on MacRumors or elsewhere?
The ideal state for Apple and their target audience is to make your computer an appliance. They really don't want a wide set of configuration options, that makes it harder to service and harder to test.
People are kind of anchored to how Mac is / used to be etc, thinking of it as basically another unix. That's a historical blip in retrospect. Long term, their market really isn't developers & technical users, there are not enough of those to make concessions to.
In order to really help Aunt Sally keep her computer running and functional, they need to make sure that her nephew Billy can't make any complicated or potentially dangerous changes to the lower levels of the OS based on some internet forum post. If you need that kind of configurability, you really want a different OS. (Alternately, consider whether you really do need that configurability. Maybe you just think you do, and you'd much rather have a stable operating system that just works)
> How do I fix it?
Image the partitions to a backup location. Zero the entire drive. Clear nvram. Reinstall macOS 15. See if it’s resolved.