Signing code for tests with one entitlement - mount_

Hello.


I noticed that apple from 10.12 system push to kernel nullfs filesystem, but "forgot" to write mount_nullfs app. So I write this application, and try to mount new volume, but I got message that operation is not permited. I noticed that apple requires from my program to have entitlement "com.apple.private.nullfs_allow" so I add to my project .entitlement file with:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.private.nullfs_allow</key>
    <true/>
</dict>
</plist>


but then when I try to launch my app I got "Killed: 9" and in console:


Default    18:38:41.301036 +0100    amfid    /Users/***/Library/Developer/Xcode/DerivedData/mount_nullfs-gjwymekzvljjqdbhhrdpoyedjtiz/Build/Products/Debug/mount_nullfs signature not valid: -67050
Default    18:38:45.573339 +0100    kernel    proc 23854: load code signature error 4 for file "mount_nullfs"


So I thinking that self-signing program with entitlement "com.apple.private.*" doesn't work?


I don't have developer account that allows me to signing applications, now I only want to test this filesystem (does quotas works etc.) and if everything works ok, I probably buy developer account with signing posibility.


For testing I have SIP disabled.


Can I self-sign code with entitlement com.apple.private.nullfs_allow?

Up vote post of przemyslawfromkrakow Down vote post of przemyslawfromkrakow
1.5k views
Posted by
przemyslawfromkrakow
Reply
Add a Comment

Replies

Can I self-sign code with entitlement com.apple.private.nullfs_allow?

In general code signing entitlements must be whitelisted by a provisioning profile. Even if you had a developer account, you would not be able to create a provisioning profile for a private Apple entitlement.

I’m a bit lost as to your high-level goạl here. Why are you trying to work with nullfs?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Hello Eskimo.


I try to use nullfs because in my company we are using XSan, and one application that creates their database in root of the volume. Application do not allow to write in any other folder. But we are using this application to more than one project. So, if we want to have separate databases for all project, we need to create many xsan volumes. We have about 20 projects at this time. Sometimes projects extends, so we must add more space. It is simple with XSan quotas. Nullfs seems to be excelent solution for us.


We try to use fs based on fuse, but except poor performence, we have problem with quotas and permissions. Perhaps it wolud be simple to repair, but poor performance eliminate this solution.


I try symbolic links, but not all functionality of our app works ok with symlink.

Posted by
przemyslawfromkrakow
Up vote reply of przemyslawfromkrakow Down vote reply of przemyslawfromkrakow
Add a Comment