Local Network policy for applications coming in macOS 15.0

Hi,

I upgraded my macOS to 15.0. I work with Maven in my environment. Normally, while running tests with Maven in my environment in Sonoma 14.5, I was connecting to my test database environment with the PostgreSQL library in the background.

But after the upgrade, I realized that Maven could not do this. After some research, I saw that this policy for applications was newly added at https://support.apple.com/en-us/121011.

So, starting from 15.0, we have to allow "Local Network" usage for each application.

But when I run the "mvn test" command from the terminal, it does not ask me if I allow Local Network usage and that's why my mvn test gets an error.

But in normal applications, the same transaction works differently; for example, if I use the terminal of VSCode.app, it pops up a popup asking if I allow it and I allow it.

Then, I see that this application has been added under Local Network.

I definitely think there is a bug here.

Even though I allowed the PostgreSQL JDBC driver with the "socketfilterfw" command, it doesn't work. Even though I allowed Maven, it doesn't come under "Local Network applications".

1- Here, there definitely needs to be an option to add an application to the "Local Network" screen.

2- We need to define the "Local Network" usage authorization for all my applications or the relevant user with a single permission.

The worst part here is for CI servers. There are too many application runtimes in CI. It is unnecessary to bother with authorizing all of them here.

Here in the feature announcement text, "socketfilterfw" and "Privacy > Local Network" can be confused with each other.

I see that "socketfilterfw" here is only related to firewall config.

What we need is a command tool to manage applications that use "Privacy > Local Network" or a Privacy certificate to authorize my entire environment.

In my case

GitLab > GitLab Runner (macOS 15.0) > Script Maven > Maven connects to the database using the PostgreSQL driver.

Here, after reaching macOS 15.0, it does not ask a question when trying to connect and gets an error directly.

For general background about this, see the Local Network Privacy FAQ. I haven’t yet updated it for macOS, but a lot of the core concepts apply to both systems.

Local network privacy does present some challenges for these sorts of developers tools. A bunch of your points are along the lines of “Apple should add this feature”, and for those I encourage you to file enhancement requests. That’s the best way to get your request to the folks who can actually change things.

If you do file any ERs, please post the bug numbers, just for the record.

In general, a program running on macOS should either have access to the local network or be able to prompt for that access. For example, programs running as root and from Terminal always have access, and a normal app run by the user from the Finder can prompt for access. However, things are not always that simple. There are various factors that can prevent this from working as expected, including:

  • Build-time things, like the program not being signed correctly

  • Run-time things, like the program trying to switch its execution context

I don’t yet have a complete picture of all of these. If you were the developer of these programs then I’d be happy to sit down with you and work through the details. However, you’re just trying to use them. Given that, my advice is that you raise these issues via the support channels for the programs you’re having problems with.

IMPORTANT Before you do that, it’d be best to retest on the current macOS 15.1 beta seed. It has at least one critical fix in this space (r. 133953401).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi,

First of all, thank you very much for your answer. I understand you, but this is not a development request.

This is a blocked situation in AS IS structure. Actually, I am the administrator of the environments and the developer of my own products. (No, I am not a developer of Maven or GitLab :D )

I am currently proceeding as sudo/root.

I will try macOS 15.1 beta, I hope Apple understands this situation and does not prevent the work of the devops teams in this way :D

Thanks again for your answers.
