So I'm building the macOS app, which includes a framework which embeds Python code. Some of the Python modules do dynamically load shared objects. I have put the shared objects under "PlugIns", and there are symlinks from the location where Python expects them to be. I.e.: Python tries to mmap the object from: MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so but this is actually a symlink to: MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/A/PlugIns/site-packages/lxml/etree.cpython-39-darwin.so Both the framework and app are codesigned: % codesign -v -vvv ./MySampleApp.app/ -prepared:/Users/piotr/MySampleApp.app/Contents/MacOS/wl-cli -validated:/Users/piotr/MySampleApp.app/Contents/MacOS/wl-cli -prepared:/Users/piotr/MySampleApp.app/Contents/Library/LoginItems/wlclientd.app -validated:/Users/piotr/MySampleApp.app/Contents/Library/LoginItems/wlclientd.app -prepared:/Users/piotr/MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/Current/. -validated:/Users/piotr/MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/Current/. ./MySampleApp.app/: valid on disk ./MySampleApp.app/: satisfies its Designated Requirement When Python tries to run its code howerer, it fails with the following error message: dlopen(MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so, 2): no suitable image found. Did find: MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so: code signing blocked mmap() of 'MySampleApp.app/Contents/Frameworks/MySample.framework/Resources/python/lib/python3.9/site-packages/lxml/etree.cpython-39-darwin.so' Furthermore, at the time it happens I see the following message in system log: default 09:13:25.897428+0200 kernel MySampleApp.app/Contents/Frameworks/MySample.framework/Versions/A/PlugIns/site-packages/lxml/etree.cpython-39-darwin.so: Possible race detected. Rejecting. What does this message mean exactly and how can I identify the cause of the issue? The same code runs without problems when I disable system integrity protection. The app is not designed for sandboxing. Hardened runtime is enabled.

So here is my situation. I am developing a macOS app which includes a helper tool. Helper mounts a FS (served locally from the app) under /Volumes/myfilesystem. Once this happens I would like the main app to programmaticaly open a finder window on the root of this filesystem. I'm currently trying to do this like that: configuration: conf) Unfortunately this causes the interactive security prompt to popup for the user (even though I "disallow" the access the Finder window correctly opens on the given directroy). Is there a way to avoid this popup (I don't want to "access" this directory" from my app, I just need it to open it in Finder)?