Post | Replies | Boosts | Views | Activity
Contradictory documentation for sysctl functions
The man page sysctl(3) states that sysctlbyname and the other mentioned functions return either 0 in case of success or -1 and set errno. But the Apple Documentation (for Objective-C) for sysctlbyname says the following about the return values: "Return value: 0 on success, or an error code that indicates a problem occurred. Possible error codes include EFAULT, EINVAL, ENOMEM, ENOTDIR, EISDIR, ENOENT, and EPERM." So which is it? Or does it return something different in Objective-C than the C function mentioned in the man pages? But even the provided example in Apple's documentation only checks for return value -1 and then uses errno to log the error. Seems to me that the documentation is wrong.

Replies: 1 | Boosts: 0 | Views: 1.1k | Activity: Jul ’21
Is there a way to classify sessions based on ES messages?
I'm working on an enterprise product and we need to be able to provide a meaningful mapping between processes and the session context they're running in. I know that we can get the asid of a process based on an exec event subscription via ES, but the asid is too detailed. Ultimately we want to be able to say process A is running in the system/console of user {a,b,c}/ssh session. One problem is that for what we would consider a system session (non-interactive) there exist multiple asids. So we need to group all non-user sessions and be able to distinguish them from user GUI/ssh sessions. Is there a way to get more information about a process' session, maybe by querying its asid? Maybe based on BSM and the audit token? I was thinking along the lines of what launchctl procinfo provides under the section audit flags. There are flags like has_console_access, has_authenticated. But I haven't been able to find out where this information is coming from. There are related flags in the Security framework (SessionAttributeBits) but especially the two I mentioned are missing.

Replies: 0 | Boosts: 0 | Views: 751 | Activity: Aug ’21
Safari web extension converter throws unreasonable warnings
Hi, I've used Xcode's conversion tool to convert a Chrome extension. However, the tool throws warnings for basically every key and permission in the manifest.json file. It does create an Xcode project though. I've validated the manifest.json against 3 different JSON standards and no issues were detected. I'm using the latest version of Monterey and Xcode.

    ╰─$ xcrun safari-web-extension-converter --objc --macos-only .
    objc[2832]: Class AMSupportURLConnectionDelegate is implemented in both /usr/lib/libamsupport.dylib (0x21686f130) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108b4c2c8). One of the two will be used. Which one is undefined.
    objc[2832]: Class AMSupportURLSession is implemented in both /usr/lib/libamsupport.dylib (0x21686f180) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108b4c318). One of the two will be used. Which one is undefined.
    Xcode Project Location: [...]/Browser Extensions/Chrome extension/DistPublic
    App Name: [...]
    App Bundle Identifier: com.yourCompany.[...]
    Platform: macOS
    Language: Objective-C
    Warning: The following keys in your manifest.json are not supported by your current version of Safari. If these are critical to your extension, you should review your code to see if you need to make changes to support Safari:
    description
    webRequestBlocking
    persistent
    version
    nativeMessaging
    <all_urls>
    tabs
    scripts
    storage
    alarms
    manifest_version
    webRequest
    name
    icons

The only permission that I found is really not supported is webRequestBlocking. But even if I remove it, the tool still complains about the rest. Any idea what is causing this behavior?

Replies: 0 | Boosts: 0 | Views: 918 | Activity: Dec ’21
How to identify a crashed process with Endpoint Security?
Is it possible to tell whether a process has crashed with ES or to get a notification when a crash happens? I was looking at the stat field of es_event_exit_t in combination with the macros like WTERMSIG from wait(2), but that probably wouldn't be enough? A process could be terminated by a signal without a crash (e.g. by sending SIGSEGV via terminal). I ultimately want to analyze a crash report as soon as the crash report is available. Currently that's done by subscribing to ES_EVENT_TYPE_NOTIFY_CREATE, but this approach comes with a few drawbacks.

Replies: 0 | Boosts: 0 | Views: 892 | Activity: Jul ’22
How to compile (lib)curl with macOS keychain access?
I want to compile curl in such a way that it can access the macOS keychain for certificate lookup. I have added an internal company CA certificate to my system keychain and am trusting it. When I build curl as described in the curl docs (which I am apparently not allowed to link) with Secure Transport, I am able to connect to a server with a certificate signed by our internal CA. However, this does not work as root.

    ./curl company.com       # works
    sudo ./curl company.com  # invalid certificate chain

When I repeat the same tests with the curl version that ships with the OS, it works in both cases. Same results with a small example program when I link against my build vs. linking against Apple's curl. I've also tried to compile it with LibreSSL (with and without Secure Transport), but then keychain access doesn't even work as a normal user. Any idea what's going wrong? How does Apple compile curl so that it works as root?

Replies: 0 | Boosts: 0 | Views: 931 | Activity: Aug ’22
What is the successor to dns_util on macOS?
The dns_util API like dns_parse_packet is marked deprecated as of macOS 13.0. What is the successor? I'm specifically interested in parsing DNS packets captured with libpcap. As an aside, I was surprised that I didn't get a deprecation warning. We still use Big Sur as deployment target (which seems to control the warning in this case), but of course we support the newest versions. Is the API guaranteed to work on Sonoma even though it was deprecated with Ventura?

Replies: 0 | Boosts: 0 | Views: 615 | Activity: Sep ’23