Re: The mystery of mac_vnode_check_getattrlist()
Re: The mystery of mac_vnode_check_getattrlist()
- Subject: Re: The mystery of mac_vnode_check_getattrlist()
- From: Jorgen Lundman <email@hidden>
- Date: Thu, 15 Dec 2016 13:17:40 +0900
- Dkim-filter: OpenDKIM Filter v2.10.3 mail.lundman.net 94E0A748EC
> In this case, I assume, MAC_ stands for "mandatory access control", which is an old security nomenclature where permissions are represented by "security labels" on every file, task, etc.. The TrustedBSD project, from which Darwin got its MAC framework, might have some documentation on what's going on with vnode security labels here.
Yes, it does seem to be the same framework, and I have been reading the
FreeBSD documentation on it. Of course, it just happens to be *getattrlist*
which fails, one of the OSX only calls, that is not in FreeBSD.
Kevin Elliott wrote:
> This may be a silly question, but have you tried disabling SIP (assuming you were able to get this far with it enable)? The sandbox kext and the mac functions are heavily involved in sip, and disabling it may let you bypass this issue entirely.
>
SIP is entirely disabled in the VM, something I do just to load kexts
without having to sign them all the time.
Lund
--
Jorgen Lundman | <email@hidden>
Unix Administrator | +81 (0)90-5578-8500
Shibuya-ku, Tokyo | Japan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Filesystem-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden