Wednesday, October 2, 2024

Local Network Privacy on Sequoia

Collin Allen:

Running into a Sequoia bug where third-party binaries running under a launchd agent are denied local network access despite approving the privacy prompt. This has the effect of making my iOS app’s CI unable to deploy successful builds, as my deployment tool is not one that ships with macOS.

Quinn:

  • If you run a tool from Terminal, then Terminal is considered the responsible code and, as a system app, it’s not subject to local network privacy.

  • If you run an executable as a launchd daemon, it runs as root and local network privacy does not apply to code running as root.

However, if you configure the executable to run as a launchd agent, you will see local network privacy prompts.

dverevkin:

Here my experiments also show different results - if the bundled application is launched as a launchd daemon, the prompt will appear, even though the app runs with root privileges[…]

And, apparently, even approving the prompt doesn’t work.


4 Comments


This would be the first time that a brand new security dialog in macOS does not work as expected…

Oh wait, no.


Oh look, *yet another* TCC bug!

It's bad enough that these are security features no one asked for and are solutions looking for problems. If they worked as intended they'd be heinously annoying. But the fact that they're all that AND broken too just makes it intolerable to me.

So many hours of my life have been wasted trying to work around these and dealing with the support requests they trigger.


For one QT application, I approved local network access, but the app still did not have local network access. A reboot was the only way to solve that.


@rpmik Yes, not sure what causes it, but I’ve seen that sort of delayed access granting with other TCC stuff like Full Disk Access.
