Hello, I have tried to create a VZVirtualMachine macOS virtual machine on an Apple Silicon Mac. I have installed Docker Desktop inside this virtual machine. Docker is not working: I get this error message: "Hyopervisor check failed". Is there a way to run Docker inside a VZVirtualMachine ? Thanks a lot

Hello, I am browsing with Safari. A website asks me to access my microphone (it is a Safari prompt dialog, not a system dialog). I am answering "yes, you can access to my microphone". Everything works fine, my microphone is allowed. Now, i am going to macOS system settings, in "Privacy & Security" section. I open "Microphone" sub section: And i don't see any entry for Safari. My question is ... Why ? Safari is accessing to my microphone at this moment and i don't see any grant information about this in system settings... Maybe apple allows his own softwares but this is not good for security... I hope it is not the same behaviour for full disk access grant... Thanks

Hello, I have an encrypted dmg file containing a secret file. When a user want's to see the secret, he must mount the dmg and provide password. When the dmg is mounted, every user connected to the computer can see the secret file ! And i don't want this. Is there a way to open a dmg file with swift language, without mounting it ? Thanks

Hello, It is possible to restrict access to Desktop or Documents folder with TCC for a given application in macOS Preferences. For example Terminal is not allowed to access Documents folder. But i have see it is possible to write files or to create directory from Terminal ! I don't understand this behaviour. Is there a particular reason ? Thanks

Can you explain me why it is not possible to work with VZVirtualMachine on iOS ? iPad is working with the same ARM chips than mac. It would be great to create a Linux VM on an iPad pro for example... I am tossing a bottle into the sea... Thanks

Hello, There is something i do not understand about TCC: I have allowed Terminal app to Full Disk Access. I was able to open my current user's TCC.db file with sqlite3 from terminal. I was able to delete entries in access table with sqlite3. I had no errors, but these changes haven't been applied. My question is why was I able to modify TCC.db file ? Is there a specific thing to do to flush privileges ? I have a second question: When an application fires an NSOPenDialog on a cocoa application, the selected file access rule bypasses TCC. This is normal because this is an intent from user. But this file access seems to be stored somewhere because if i reboot computer, my cocoa application can read this file again, without NSOpenDialog opening. I have tried to look in current user's TCC.db file but i did not found anything. My question is: where is this information stored ? Thanks

Hello, I am wondering the value-add of autorelease in swift. Look at this code: for i in (0...10) { autorelease { let obj1=MyClass() ... } } obj1 will be released at the end of autorelease block. But i can also work with a function like this (or a closure): func test() { let obj1=MyClass() ... } for i in (0...10) { test() } obj1 will be released at the end of the test function. Do you agree we have the same result in memory in both cases ? If so, when should we work with autorelease ? Thanks

Hello, I am read some binaries are "SIP protected". SIP means System Integrity Protection. I know this is a security mechanism under macOS. But i don't understand what is a "SIP protected binary". Is it a binary located in a specific folder ? Is it a binary signed with "hardened runtime" ? Thanks

Hello, I have made a basic c program and i have compiled it with gcc. This program has not been signed (i didn't run codesign). When i am trying to run this program from terminal, i don't get any Gatekeeper popup. My first question is... why ? I have create a SwiftUI project with Xcode (Xcode 15). I have set signing settings to "Sign to run locally" (by the way, can you tell me how i can disable signing in Xcode ?) I have opened terminal and i have changed current directory to ~/Library/Developer/Xcode/DerivatedData/..../Products/Debug/MyApp.app/Contents/MacOS folder. Now i get a gatekeeper confirmation popup if run "./Myapp" from terminal. My second question is... Why ? Does that mean Gatekeeper only checks signed binaries ? Thanks

Hello, My purpose is to understand how macOS works. Here is what i've done: I have wrote a c program on a M1 CPU with this lines: printf("Before breakpoint\n"); asm volatile("brk #0"); printf("After breakpoint\n"); When i run this program with lldb, a breakpoint is hit on the second line. So i suppose lldb is writing a "brk #0" instruction when we put a breakpoint manually. I can't continue to next line with lldb "c" command. PC stays on the brk instruction. I need to manually set PC to next instruction in lldb. Now, what i want to do is to create my own debugger. (I want to understand how lldb works). I have managed to ptrace the target program and i was able to catch an event with waitpid when "brk #0" is hit. But i don't know how i can increase PC value and continue execution because i can't do this on Silicon CPU: ptrace(PTRACE_GETREGS, child_pid, NULL, &regs); ptrace(PTRACE_SETREGS, child_pid, NULL, &regs); kill(child_pid, SIGCONT); So my question is: How does lldb managed to change ARM64 registers of a remote process ? Thanks

Hello, I have tried to create a thread with thread_create_running API. It works but i would like to suspend this thread. I can call thread_suspend, but my thread has already been start before i call this API. Is there a way to create a thread without running it automaticaly. Thanks

Hello, Let's imagine an application (Application A) which launch another application (Application B). These applications are bundle apps. What happens if Application B tries to read a file in current user's Documents folder ? TCC will check if the application is allowed to access to Documents folder. But will it check this right for application A or application B (or both ?) I have tried to run an application from Terminal. My terminal is authorized to access to Documents folder. And i am surprised because TCC did not asked me to allow the application itself. It seems TCC is looking for parent process rights. Can you confirm ? Thanks

Hello, I am trying to create a dmg file by launching hdiutil through my swift program. This swift program is sandboxed. Here is what i've done: let hdd_file:String = NSHomeDirectory() + "hdd.dmg.sparseimage" let process = Process() process.launchPath = "/usr/bin/hdiutil" process.arguments = ["create", "-size", "30g", "-fs", "'APFS'", "-volname", "myvolume", "-type", "SPARSE", hdd_file] let pipe = Pipe() process.standardOutput = pipe process.launch() let data = try pipe.fileHandleForReading.readToEnd() print(data) I get this error: hdiutil: create failed - Device not configured I don't understand why i get this error because the dmg file is created in application's sandbox home directory. Or maybe hdiutil is forbidden but i am just creating a dmg file. I am not trying to mount a device. Do you have any idea of how i can create a dmg file from my sandboxed application ? Thanks

Hello, I am trying to download a macOS image with the swift code bellow. I would like to update a NSProgressIndicator component to show download progress. The closure is run on a background thread so i need to do something to force execution on main thread. This is what i am trying to do with DispatchQueue.main.async but it does not work. I have also tried with DispatchQueue.global().async (and both). I have a runtime error saying i can't update UI from background thread. I don't understand why DispatchQueue.main.async does not force execution on main thread. Do you have any idea ? Thanks @IBOutlet weak var progression: NSProgressIndicator! ... func method1() { let downloadTask = URLSession.shared.downloadTask(with: restoreImage.url) { localURL, response, error in ... downloadObserver = downloadTask.progress.observe(\.fractionCompleted, options: [.initial, .new]) { (progress, change) in DispatchQueue.global().async { DispatchQueue.main.async { self.progression.doubleValue = (change.newValue! * 100) // Execution error on this line } } ... }

Hello, I am downloading macOS restore image with VZMacOSRestoreImage, in order to deploy virtual machines. I have just upgraded my host mac to last Sonoma version. So, macOS restore image has just been downloaded on my computer during upgrade procedure. Is there a way to avoid a second download and ask VZMacOSRestoreImage to fetch my last local macOS image ? I think this image is still stored somewhere on my computer... Thanks