Let's say you are building a non-trivial macOS app. By non-trivial I mean an app consisting of several cooperating compontents (i.e. gGUI app, a command line tool, kexts or pivileged helper tools). What would be your approach to setup an automated testing framework for integration testing of such an app? My current idea is to have a VM image running macOS, expose SSH and vnc access and try to use that as a scripting interface for test execution. What I'm concerned about is interacting with the OS UI (i.e. detecting privileged helper installation dialog and interacting with it), for which probably the way to go would be through VNC which seems like an extremely low level interface to script such an interaction through.

So I'm building the macOS app, which includes a framework which embeds Python code. Some of the Python modules do dynamically load shared objects. I have put the shared objects under "PlugIns", and there are symlinks from the location where Python expects them to be. I.e.: Python tries to mmap the object from: MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so but this is actually a symlink to: MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/A/PlugIns/site-packages/lxml/etree.cpython-39-darwin.so Both the framework and app are codesigned: % codesign -v -vvv ./MySampleApp.app/ -prepared:/Users/piotr/MySampleApp.app/Contents/MacOS/wl-cli -validated:/Users/piotr/MySampleApp.app/Contents/MacOS/wl-cli -prepared:/Users/piotr/MySampleApp.app/Contents/Library/LoginItems/wlclientd.app -validated:/Users/piotr/MySampleApp.app/Contents/Library/LoginItems/wlclientd.app -prepared:/Users/piotr/MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/Current/. -validated:/Users/piotr/MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/Current/. ./MySampleApp.app/: valid on disk ./MySampleApp.app/: satisfies its Designated Requirement When Python tries to run its code howerer, it fails with the following error message: dlopen(MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so, 2): no suitable image found. Did find: MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so: code signing blocked mmap() of 'MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so' Furthermore, at the time it happens I see the following message in system log: default 09:13:25.897428+0200 kernel MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/A/PlugIns/site-packages/lxml/etree.cpython-39-darwin.so: Possible race detected. Rejecting. What does this message mean exactly and how can I identify the cause of the issue? The same code runs without problems when I disable system integrity protection. The app is not designed for sandboxing. Hardened runtime is enabled.

So here is my situation. I am developing a macOS app which includes a helper tool. Helper mounts a FS (served locally from the app) under /Volumes/myfilesystem. Once this happens I would like the main app to programmaticaly open a finder window on the root of this filesystem. I'm currently trying to do this like that: configuration: conf) Unfortunately this causes the interactive security prompt to popup for the user (even though I "disallow" the access the Finder window correctly opens on the given directroy). Is there a way to avoid this popup (I don't want to "access" this directory" from my app, I just need it to open it in Finder)?