System Extension Active and Enabled but no running

Question

Created Sep ’21

Replies 3

Boosts 0

Views 1.7k

Participants 3

Hi, I a developing Network Extension for macos that runs constantly on my system. When I have a new update to release the extension downloads the pkg installer into the /tmp directory and executes it with

sudo installer -pkg /tmp/installer.pkg -target /

I have noticed that on some systems, mainly Catalina, when the installer is executed the extension is replaced and activated but the process never launches and after this happens I can't find a way to launch it aside from having the users reboot.

--- com.apple.system_extension.network_extension
enabled	active	teamID	bundleID (version)	name	[state]
		9A63A32J6B	com.company.myapp.Agent (2.0/1)	Agent	[terminated waiting to uninstall on reboot]
*	*	9A63A32J6B	com.company.myapp.Agent (2.1/1)	Agent	[activated enabled]

As you can see it does say enabled and activated so I do not know what could be happening.

Boost

Answer 1

Systems Engineer OP

Apple

Sep ’21

I have noticed that on some systems, mainly Catalina, when the installer is executed the extension is replaced and activated but the process never launches and after this happens I can't find a way to launch it aside from having the users reboot.

How are you installing the updated System Extension? Is this done through a Container App update to replace the existing extension or is this done through a launch daemon?

The reason I am asking is because this should always be done through a Container App. There have been known bugs (r. 76236056) in Catalina and Big Sur with orphaning a system extension due to update/replace issues, and using a launch daemon does not help things in this department.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 2

Systems Engineer OP

Apple

Sep ’21

Are you able to download the pkg installer and update the container app and then run through the installation process of the System Extension through the container app using the .replace method?

func request(_ request: OSSystemExtensionRequest, actionForReplacingExtension existing: OSSystemExtensionProperties, 
			withExtension replacement: OSSystemExtensionProperties) -> OSSystemExtensionRequest.ReplacementAction {
    // As this is a do-nothing extension, we always replace old versions with new versions.
    return .replace
}

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 3

or_b OP

Feb ’22

Hi, I'm facing the same problem. After the replacing of the network system extension I saw this on the logs:

Default     0x0                  561    0    sysextd: changing state of extension com.company.myapp.SysExtension to activated_enabled.
Activity    0x4e1f               153    0    authd: (Security) SecTrustEvaluateIfNecessary
Default     0x0                  720    0    myapp: (NetworkExtension) [com.apple.networkextension:] Last disconnect error for *** VPN changed from "The VPN app used by the VPN configuration is not installed" to "The operation couldn’t be completed. (NEAgentErrorDomain error 2.)"

When I use the workaround for Apple bug 32073323 (and described here), adding exit(0) at the end of the stopTunnel() method, it solves the problem but I don't think that is the right way to solve it.

0