After enabling App Groups for the extension identifier, and disabling sandbox, XPC started to work Sandbox prevented the app registering with the provider running in the system extension. This code fails in the app with Sandbox enabled: newConnection.remoteObjectProxyWithErrorHandler { error } Do you have a guess on where the problem is for the sandbox? I don't need these anymore, bu maybe the info would help: I had a working app that used App Extensions, after switching to System Extension distributed notifications sent by the extension stopped being received by the app Shared User Defaults also stopped working, but I see in the docs that they can work only between app <-> app extension, and app <-> app, not system extensions.

After removing kSecUseDataProtectionKeychain I started getting a different error - kPOSIXErrorEPERM I found this unresolved thread with the same issue https://developer.apple.com/forums/thread/710758 And same as there, after adding temporary read-write exception for path /Library/Keychains/ keychain started to work Does it mean I cannot write to the keychain from System Network Extension using that read-write exception and publish to the the Appstore at the same time?

FB11916222 (Writing to keychain from Network System Extension fails with kPOSIXErrorEPERM)

Just in case, if root can write logs to a folder that the user is able to open in Finder, that would work too

I changed file.puts "#!/bin/bash\nopen -a '#{options[:app_name]}'\nexit 0'" to file.puts "#!/bin/bash\nopen -a '#{options[:app_name]}'\nexit 0" And "--install-location", "/Applications/#{options[:app_name]}.app", to "--install-location", "/Applications", Result: postinstall now works preinstall does not close opened app the actual install also doesn't happen, the above scripts were tested on the app that already exists

Resolved. Had to read the logs /var/log/install.log - I had the app renamed and placed in downloads folder, it detected it and that's why didn't install anything in Applications

This is macOS For me this is sort of a command line tool. I created it from Xcode app template, but it has no UI and Application is agent (UIElement) YES The docs: https://developer.chrome.com/docs/extensions/develop/concepts/native-messaging/ Chrome starts each native messaging host in a separate process and communicates with it using standard input (stdin) and standard output (stdout). In this example Chrome launches it. If I call getppid(), it gives me Chrome's pid. I use XPC for communication between my "processes". But I can't choose how Chromium-based browsers communicates with my helper "app", that's why stdin and stdout This helper "app" that Chrome launches connects to my main app with XPC and transfers data. It works as a bridge between them.

I'm missing info for the socket part.. Is this how I would get PID? getsockopt(socket_id, SOL_LOCAL, LOCAL_PEERPID, &pid, &len) How would I get socket_id in this case? I use FileHandle.standardInput to read data, I don't create sockets myself

I missed the part where after loadAllFromPreferences you can check which one is connected, and re-connect to that.. This fixes my bug In pkg preinstall and postinstall we also now quit app and stray running tunnel if any + remove duplicate profiles