
I doubt you (or any human) are capable of enumerating what you don't want looked at. Frankly, I doubt most of this unknown area is covered by SIP at all, and it would be extremely odd if it did. Perhaps you might consider arguing for actual permissions rather than arbitrarily walling off the OS in a way that tangentially benefits the monopoly Apple holds over their own computers.

Wouldn't it be far easier to enumerate what you want an app to access?




SIP means not messing with the system files, enumerated thusly: /System.

Enumerating what I do want an app to access is handled by Gatekeeper.


> SIP means not messing with the system files, enumerated thusly: /System.

...and all its children, which is effectively the entire operating system

> Enumerating what I do want an app to access is handled by Gatekeeper.

Gatekeeper is not capable of this.


It's among the things Gatekeeper does, isn't it? As configured with PPPC?


It's actually a larger list available in /System/Library/Sandbox/rootless.conf



