thank you eskimo . the domain is indeed OSSystemExtensionErrorDomain.so i presume that since my extension is not signed i get the error OSSystemExtensionErrorCodeSignatureInvalid .but i also tried with SIP disabled (i.e. csrutil disable). but i get the same error . what's the issue then?can i not activate system extension without signature on SIP disabled system ?

i ask this only for internal development and testing . reckon there needs to be some way without the sign during this phase. or even for internal development cycles need to be signed. i guess not. hence the provision through SIP disablement. is it right?

Thank you . i added the account. it now says "Your development team, "XXXXX", does not support the Network Extensions capability."is this capability associated with the team?also is Apple Devleoper account manadatory or just Apple ID work?

right, i figured it out somehow after landing there later. but thankyou for the reply. that helps .

it is Content filter

thank you eskimo.

thnsk you eskimo for the answer .is "App Sandbox entitlement" required for Driverkit ?

thank you eskimo . it is a NetworkExtension . howz the setting up different in NetworkExtension & EndpointSecurity ?

With default Network Extension Target the NEMachServiceName is already added. should we just connect from the app to this NEMachServiceName and then start exchanging message. was just curious whether I create the listener in the app and connect (from client) from the Network Extension. is it a good idea ?

@tartempion : Am facing the same issue . do you host The XPC service in an app . i have a .xpc as target (not a daemon application containing .xpc ) which is directly used in launchd . have published the MachServices properly . any pointers would really help .

thank you matt . if it is serialised, wouldn't there will be lot of impact on performance .

thank you --! i see that everything in the first is allowed in second . Dumping the output here Entitlement for app <dict>     <key>com.apple.application-identifier</key>     <string>TeamID.com.company.abcappn</string>     <key>com.apple.developer.networking.networkextension</key>     <array>         <string>content-filter-provider</string>     </array>     <key>com.apple.developer.system-extension.install</key>     <true/>     <key>com.apple.developer.team-identifier</key>     <string>TeamID</string> </dict>    In the Embedded Profile for app key>Entitlements</key>       <dict>                                          <key>com.apple.developer.system-extension.install</key>            <true/>                       <key>com.apple.developer.networking.networkextension</key>            <array>                       <string>packet-tunnel-provider-systemextension</string>                       <string>app-proxy-provider-systemextension</string>                       <string>content-filter-provider-systemextension</string>                       <string>dns-proxy-systemextension</string>                       <string>dns-settings</string>            </array>                       <key>com.apple.application-identifier</key>            <string>TeamID.com.company.abcappn</string>                                              <key>keychain-access-groups</key>            <array>                       <string>TeamID.*</string>            </array>                                              <key>com.apple.developer.team-identifier</key>            <string>TeamID</string>         </dict> Anything else you suggest need to be examined .

No . only on container app and extension .

many thanks Matt. that was of great help.

@tartempion : that is a very detaild answer . the answer helped me to move ahead . many thank you .