We have a daemon (/Library/LaunchDaemons) that has been calling setuid (/usr/include/unistd.h) for some time. Launchd allowed that until we started compiling using Xcode 16 (maybe even Xcode 15). But now we have to remove that call for launchd to allow the daemon to run. It's not really an issue to remove that call, but it is very mysterious that it only fails in Sonoma. It works in Sequoia and Monterey. Why is that? We found this after adding some logging to our daemon plist:
The application with bundle ID <redacted> is running setugid(), which is not allowed. Exiting.
We're actually calling setuid.