Post not yet marked as solved
This one is a bit more confusing. Check to make sure that the process is not hung somehow by looking for the Network Extension name in the Activity Monitor.
I had rebooted and sure the process is not running in activity monitor . so it ws surprising.
Post not yet marked as solved
fine matt . will try out . thank you.
Post not yet marked as solved
thankyou.
there are 2 states/messages seen on systemextensionsctl list comand: on deactivation without reboot: "terminated waiting to uninstall on reboot"
on deactivation after reboot: "uninstalling"
so the confusion .
Post not yet marked as solved
@tartempion : that is a very detaild answer . the answer helped me to move ahead . many thank you .
many thanks Matt. that was of great help.
Post not yet marked as solved
No . only on container app and extension .
Post not yet marked as solved
thank you --!
i see that everything in the first is allowed in second . Dumping the output here
Entitlement for app
<dict>
<key>com.apple.application-identifier</key>
<string>TeamID.com.company.abcappn</string>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>content-filter-provider</string>
</array>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string>TeamID</string>
</dict>
In the Embedded Profile for app
key>Entitlements</key>
<dict>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider-systemextension</string>
<string>app-proxy-provider-systemextension</string>
<string>content-filter-provider-systemextension</string>
<string>dns-proxy-systemextension</string>
<string>dns-settings</string>
</array>
<key>com.apple.application-identifier</key>
<string>TeamID.com.company.abcappn</string>
<key>keychain-access-groups</key>
<array>
<string>TeamID.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>TeamID</string>
</dict>
Anything else you suggest need to be examined .
Post not yet marked as solved
thank you matt .
if it is serialised, wouldn't there will be lot of impact on performance .
Post not yet marked as solved
@tartempion :
Am facing the same issue . do you host The XPC service in an app . i have a .xpc as target (not a daemon application containing .xpc ) which is directly used in launchd . have published the MachServices properly . any pointers would really help .
Post not yet marked as solved
With default Network Extension Target the NEMachServiceName is already added.
should we just connect from the app to this NEMachServiceName and then start exchanging message.
was just curious whether I create the listener in the app and connect (from client) from the Network Extension. is it a good idea ?
Post not yet marked as solved
thank you eskimo .
it is a NetworkExtension .
howz the setting up different in NetworkExtension & EndpointSecurity ?
Post not yet marked as solved
thnsk you eskimo for the answer .is "App Sandbox entitlement" required for Driverkit ?