system extension only prompt with SIP off

Hi there,

At the moment we are using an app proxy from a system extension. It works fine. But we realised that the system extension only prompts with csrutil disable.

With csrutil enable, there is no prompt to add it, so we cannot use it at all.

As far as I understand, SIP is enabled by default. We cannot ask the customers to disable it one by one in order to have the system extension work?

Thanks in advance for any suggestion.

Regards, Richard

It works fine. But we realised that the system extension only prompts with csrutil disable. With csrutil enable, there is no prompt to add it, so we cannot use it at all.

These two sentences are confusing to me. Can you elaborate on what you mean here?

Furthermore, I will mention that you should always develop and test with SIP enabled, unless you have an extraordinary reason for turning SIP off. Turning off SIP masks problems with an environment and your code that you did not even know were there. Always build and test with your container app in the /Applications directory, and when testing on another machine, make sure you Notarize and Developer ID sign your app/extension. It may seem like a lot of work up front, but it will save you time in the long run because you do not have to go back and diagnose why a code path or test scenario doesn't work with SIP enabled.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
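
The checks recommended in the reply above (SIP enabled, container app in /Applications, Developer ID signed and notarized) can be scripted as a pre-flight test. This is an added example, not part of the thread and not Apple's code; the function names and the `/Applications/Example.app` path are assumptions.

```shell
#!/bin/bash
# Pre-flight checks for a system extension's container app (added example).
# The parsers take command output as text, so they can be run on saved output.

# True when `csrutil status` output reports SIP as enabled.
sip_enabled() {
    printf '%s\n' "$1" | grep -q 'System Integrity Protection status: enabled'
}

# True when the bundle path is under /Applications and has no ".." component.
in_applications() {
    case "$1" in
        *..*) return 1 ;;
        /Applications/*.app) return 0 ;;
        *) return 1 ;;
    esac
}

# True when `spctl --assess -vv` output shows an accepted, notarized
# Developer ID build.
gatekeeper_ok() {
    printf '%s\n' "$1" | grep -q ': accepted$' &&
        printf '%s\n' "$1" | grep -q '^source=Notarized Developer ID$'
}

# Run every check against one app bundle; returns non-zero if any check fails.
# Usage (on the macOS test machine): preflight /Applications/Example.app
preflight() {
    app="$1"
    rc=0
    sip_enabled "$(csrutil status 2>&1)" ||
        { echo "FAIL: SIP is not enabled on this machine"; rc=1; }
    in_applications "$app" ||
        { echo "FAIL: $app is not under /Applications"; rc=1; }
    codesign --verify --deep --strict "$app" 2>/dev/null ||
        { echo "FAIL: code signature does not verify"; rc=1; }
    gatekeeper_ok "$(spctl --assess --type execute -vv "$app" 2>&1)" ||
        { echo "FAIL: not accepted as Notarized Developer ID"; rc=1; }
    xcrun stapler validate "$app" >/dev/null 2>&1 ||
        echo "WARN: no stapled notarization ticket found"
    return "$rc"
}
```
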