looks like you might be trying to write the prefer...
# clientf
future-ram-24559
07/01/2022, 4:39 AMlooks like you might be trying to write the preferences or supporting files to /etc which is now a protected location. You should be writing prefs to /Application Support/netmaker/
j
jolly-london-20127
07/01/2022, 12:08 PMWhat version of mac are you running? I will test this out today.
jolly-london-20127
07/01/2022, 1:01 PMI'm guessing this is on M1?
f
future-ram-24559
07/01/2022, 11:32 PMno this is on Intel, but this issue will also be present on Apple Silicon as it's an OS issue
b
bored-island-21407
07/01/2022, 11:34 PMno issue running on macOs on AWS vm
j
jolly-london-20127
07/02/2022, 2:00 AMWhich version of Mac?
f
future-ram-24559
07/05/2022, 12:22 AMcurrent version Monterey 12.4
future-ram-24559
07/05/2022, 12:24 AMhey @bored-island-21407 can you please verify if SIP/ gatekeeper is on or off on that VM?
'csrutil status'
b
bored-island-21407
07/05/2022, 12:48 PM Copy code
ec2-user@ip-172-31-26-9 ~ % csrutil status
System Integrity Protection status: unknown (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: enabled
Filesystem Protections: disabled
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
BaseSystem Verification: enabled
This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
ec2-user@ip-172-31-26-9 ~ %j
jolly-london-20127
07/06/2022, 1:35 AM/Application Support/ doesn't appear on Big Sur. Is there a location we can use that will be supported across versions?
f
future-ram-24559
07/06/2022, 1:37 AMthanks for the feedback @bored-island-21407.
Because filesystem protections are disabled, this probably means netclient is able to read/write to /etc on your VM.
But on a Mac with SIP turned on, it barfs hard.
Actually I may have figured it out- netclient adds a bunch of config files to /etc with like 700 permissions, and in this format it won't work.
Change to 705 and I get the message that the network has already been joined- so the error message here is a permissions issue- I think.
To answer @jolly-london-20127 - it's there. have a look in /Library << top level directory
j
jolly-london-20127
07/06/2022, 1:39 AMgotcha, so that would be a better place than /etc? and add with 705 perms?
f
future-ram-24559
07/06/2022, 1:40 AMyes- Apple will stop you from adding stuff into /etc at some point. And stuff in /Library/Application Support just allows you to have your own folder with prefs to do as you please- but I'm pretty sure it has to be readable by user, can't dump stuff there and lock it.
j
jolly-london-20127
07/06/2022, 1:43 AMgotcha, giving that a try now
f
future-ram-24559
07/06/2022, 1:44 AMif there's anything in there that really needs obfuscation there's probably ways...
j
jolly-london-20127
07/06/2022, 1:46 AMI dont think that's necessary