tokend: MAC OS 10.11 support

Hello,

We are encountering the following issue on tokend:


The tokend must be installed in a specific system directory (/System/Library/Security/tokend).

With MAC OS 10.11, the introduction of rootless protection prevents us from installing our tokend in this system-specific directory unless the MAC OS is ‘jailbroken’ by disabling the rootless protection. Once the protection is disabled, the tokend works as normal.

What is the supported procedure to install a tokend on MAC OS 10.11 without disabling rootless protection? Is that supported?

Replies

If you haven't already done so, you should file a bug about this issue. Please post your bug number, just for the record.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Take a look at the SmartCardServices man page <x-man-page://7/SmartCardServices>. Language was added in OS X El Capitan to make it clear that tokend modules can be installed in /Library/Security/tokend.


IIRC this change was made a few years ago, so you shouldn't have any backward compatibility issues with your installer.


However, it doesn't look like /Library/Security/tokend is created on a clean install. Please file a bug report asking for that directory to be created automatically so that its ownership and permissions are correct. In the meantime, you can create that with the same ownership and permissions as the parent /Library/Security.


--gc
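The interim step suggested in the reply above, written as an added shell example (not part of the thread and not Apple's code): it creates a directory with the owner, group and mode of its parent and verifies the result. The function names `owner_mode` and `make_like_parent` are hypothetical, and the script is assumed to run as root, for instance from an installer script, with `/Library/Security/tokend` as its argument.

```shell
#!/bin/sh
# Added example: create a directory that copies owner, group and mode
# from its parent, e.g.  sudo sh this_script.sh /Library/Security/tokend

# Print "uid gid mode" for a path. GNU stat uses -c, BSD stat (OS X) uses -f.
owner_mode() {
    stat -c '%u %g %a' "$1" 2>/dev/null || stat -f '%u %g %Lp' "$1"
}

make_like_parent() {
    dir=$1
    parent=$(dirname "$dir")
    if [ ! -d "$parent" ]; then
        echo "missing parent directory: $parent" >&2
        return 1
    fi
    # Do not chown/chmod through a symlink sitting at the target path.
    if [ -L "$dir" ]; then
        echo "refusing to use symlink: $dir" >&2
        return 1
    fi
    info=$(owner_mode "$parent") || return 1
    set -- $info
    uid=$1 gid=$2 mode=$3
    if [ ! -d "$dir" ]; then
        mkdir "$dir" || return 1
    fi
    chown "$uid:$gid" "$dir" || return 1
    chmod "$mode" "$dir" || return 1
    # Verify that the directory now matches its parent.
    [ "$(owner_mode "$dir")" = "$uid $gid $mode" ]
}

# Run only when a path is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    make_like_parent "$1"
fi
```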