Uninstall a System Extension via uninstaller pkg

Question

Created Mar ’21

Replies 4

Boosts 0

Views 4.8k

Participants 3

Hi All,
We have an app installed in /Applications/MyApp.app that embeds a system extension.

Everything works as expected and the system extension (DNSProxy) is installed and runs perfectly.

We also have a .pkg "Uninstaller" that alongside other tasks runs a rm -rf /Applications/MyApp.app in the pkg preinstall script.

When we run the uninstaller all the files are deleted and all the processes are stopped excepted the System extension that is still alive and kicking:

Code Block systemextensionsctl list
*	*	xxxxxxxxxxxx	com.xxxxxx.macos.netext.dnsproxy (2.0.0/22)	MyAppNE	[activated enabled]

The documentation states:

Code Block languageUninstall a System Extension
The system automatically uninstalls any system extensions when the user deletes the corresponding app. You can also uninstall a system extension by creating a deactivation request. Call the deactivationRequest(forExtensionWithIdentifier:queue:) method of OSSystemExtensionRequest and submit the resulting object to the OSSystemExtensionManager.

But apparently, this isn't the case if the app is removed in this specific way.
How are we supposed to uninstall the System Extension? running deactivationRequest(forExtensionWithIdentifier:queue:) method from the uninstaller pkg would be VERY tricky.

Update:
This entire post could be summarised with:
Removing an app from Terminal doesn't remove the embedded system extension.
This seems a HUGE limitation... how are we supposed to remove system extension via MDM or SSH for instance?

Answered by Systems Engineer in 668570022

The documentation here is correct. Running a deactivationRequest request on the system extension is the best way to do this because you are performing this action from the container app. When rm -rf is run from the terminal it is does not remove the system extension like it would when the user deletes the container app from the /Applications directory by hand. My advice would be to build a workflow here that runs through the deactivationRequest process in your container app.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Boost

Answer 1

Systems Engineer OP

Apple

Mar ’21

Accepted Answer

The documentation here is correct. Running a deactivationRequest request on the system extension is the best way to do this because you are performing this action from the container app. When rm -rf is run from the terminal it is does not remove the system extension like it would when the user deletes the container app from the /Applications directory by hand. My advice would be to build a workflow here that runs through the deactivationRequest process in your container app.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

1

Answer 2

DTS Engineer OP

Apple

Mar ’21

What Matt said but also…

Uninstall is a major hole in the sysex story )-: For example, you can currently install a sysex on a managed Mac but not uninstall it. The sysex team is aware of these problems (r. 67923914) but I’ve no info to share as to when they might be resolved.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

4

Answer 3

kappe_m OP

Mar ’21

@matt @eskimo

Thank you for the confirmation, more I dig into this issue and more complaints I found, there are endless threads of IT folks asking Sophos and Cisco info on how to remove their sysex and Sophos is even suggesting to disable SIP in order to run a systemextensionsctl uninstall O_o.

Any clue on when/if the SIP restriction will be lifted on systemextensionsctl?

0

Answer 4

DTS Engineer OP

Apple

Apr ’21

Any clue on when/if the SIP restriction will be lifted on
systemextensionsctl?

We can’t talk about The Future™.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0