System Extension Active and Enabled but no running

Hi, I a developing Network Extension for macos that runs constantly on my system. When I have a new update to release the extension downloads the pkg installer into the /tmp directory and executes it with

sudo installer -pkg /tmp/installer.pkg -target /

I have noticed that on some systems, mainly Catalina, when the installer is executed the extension is replaced and activated but the process never launches and after this happens I can't find a way to launch it aside from having the users reboot.

--- com.apple.system_extension.network_extension
enabled	active	teamID	bundleID (version)	name	[state]
		9A63A32J6B	com.company.myapp.Agent (2.0/1)	Agent	[terminated waiting to uninstall on reboot]
*	*	9A63A32J6B	com.company.myapp.Agent (2.1/1)	Agent	[activated enabled]

As you can see it does say enabled and activated so I do not know what could be happening.

Up vote post of santalvarez Down vote post of santalvarez
576 views
Posted by
santalvarez
Reply
Add a Comment

Replies

I have noticed that on some systems, mainly Catalina, when the installer is executed the extension is replaced and activated but the process never launches and after this happens I can't find a way to launch it aside from having the users reboot.

How are you installing the updated System Extension? Is this done through a Container App update to replace the existing extension or is this done through a launch daemon?

The reason I am asking is because this should always be done through a Container App. There have been known bugs (r. 76236056) in Catalina and Big Sur with orphaning a system extension due to update/replace issues, and using a launch daemon does not help things in this department.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton

  • My system extension downloads a pkg installer and executes it with the command shown above. I do this so the user does the app can update itself with no user interaction. The installer copies the app to /Applications and executes the container app.

    santalvarez

  • If I were to run the installer from the container app instead of from the system extension would it work? Im asking because I saw an implementation where the system extension downloaded the pkg installer and then called the helper app to run that installer.

    santalvarez
Add a Comment

Are you able to download the pkg installer and update the container app and then run through the installation process of the System Extension through the container app using the .replace method?

func request(_ request: OSSystemExtensionRequest, actionForReplacingExtension existing: OSSystemExtensionProperties, 
			withExtension replacement: OSSystemExtensionProperties) -> OSSystemExtensionRequest.ReplacementAction {
    // As this is a do-nothing extension, we always replace old versions with new versions.
    return .replace
}

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton

  • Yes, when I download the installer and execute it I do go through the replace action.

    santalvarez
Add a Comment

Hi, I'm facing the same problem. After the replacing of the network system extension I saw this on the logs:

Default     0x0                  561    0    sysextd: changing state of extension com.company.myapp.SysExtension to activated_enabled.
Activity    0x4e1f               153    0    authd: (Security) SecTrustEvaluateIfNecessary
Default     0x0                  720    0    myapp: (NetworkExtension) [com.apple.networkextension:] Last disconnect error for *** VPN changed from "The VPN app used by the VPN configuration is not installed" to "The operation couldn’t be completed. (NEAgentErrorDomain error 2.)"

When I use the workaround for Apple bug 32073323 (and described here), adding exit(0) at the end of the stopTunnel() method, it solves the problem but I don't think that is the right way to solve it.

Posted by
or_b
Up vote reply of or_b Down vote reply of or_b

  • There were some issue replacing and updating System Extensions late in Big Sur and early in Monterey. That should have been resolved by the macOS 12.1 timeframe if you are installing, replacing, and updating through the recommended OSSystemExtensionRequest API path.

    meaton

  • Is there any workaround to overcome this issue besides the exit(0) workaround?

    or_b

  • If you are using a non-UI process to install the System Extension then avoid doing this. One workaround that did seem to work for some Developers was to attempt to deactivate the System Extension and then reactivate the System Extension. Otherwise I would recommend updating to macOS 12.1.

    meaton