Rootless kernel level protection

Discussion in 'OS X El Capitan (10.11)' started by tarf, Jun 8, 2015.

  1. tarf macrumors newbie

    Joined:
    Jun 8, 2015
    #1
    Rootless was rumored about a lot, but with the release there does not seem to be any additional information pertaining to it. Has anyone had any experience with it and what it is and how it works yet?
     
  2. MikhailT macrumors 601

    Joined:
    Nov 12, 2007
    #2
    It was just a rumor, that's it.

    It is possible it might have been the system integrity protection; this was mentioned today in the Platform State of the Union session.
     
  3. oatman13 macrumors regular

    Joined:
    Feb 14, 2013
    #3
    It is in the OS... You cannot modify or delete system files even with SUDO.
     
  4. dagamer34 macrumors 65816

    dagamer34

    Joined:
    May 1, 2007
    Location:
    Houston, TX
    #4
    During the Platform State of the Union, it was referred to as "System Integrity Protection". But they didn't go into terribly much more detail than what we already knew (no overwriting system files).
     
  5. mag01, Jun 9, 2015
    Last edited: Jun 9, 2015

    mag01 macrumors regular

    Joined:
    Apr 10, 2011
    #5
    To disable the rootless protection, use something like
    Code:
    sudo nvram boot-args="rootless=0"
    And better check your current boot args via
    Code:
    nvram -p
    and then just add/modify the rootless argument.
     
  6. colinwil macrumors regular

    Joined:
    Nov 15, 2010
    Location:
    Reading, UK
    #6
    To add to the helpful reply by mag01...

    I just tried to change the '.kext' extension for a file in /System/Library/Extensions to '.disable'. By default, Rootless prevents me from doing this - either from Finder or from Terminal using sudo mv.

    I turned off Rootless using sudo nvram boot-args="rootless=0" in Terminal and rebooted. I was now able to change the file extension from within Get Info in Finder.

    Once I'd renamed it, I turned rootless back on with sudo nvram -d boot-args
     
  7. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #7
    The code snippet didn't work for me
     
  8. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #8
    I wonder what will happen once you update your system. Since repair permissions is now part of the update procedure, among other things, it is possible that OS X either overwrites your changes or refuses to load.
     
  9. w0lf macrumors 65816

    w0lf

    Joined:
    Feb 16, 2013
    Location:
    USA
    #9
    Most likely nothing out of the ordinary. Worst case scenario you would just have to re-enable rootless from the recovery partition.

    You can also still repair permissions with
    Code:
    diskutil repairPermissions /
    
     
  10. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #10
    I read elsewhere that this diskutil command was gone, so it's still there? The next beta will probably reveal some more information about this new feature.
     
  11. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #11
    Just tried to disable rootless through the recovery partition and got this:
    [IMG]
    I've never loathed Apple like I do now.
     
  12. redheeler macrumors 603

    redheeler

    Joined:
    Oct 17, 2014
    #12
    That did the trick for me; after adding the boot arg and restarting, system files can be modified.
    The command for it is still there, but it's gone from the GUI.
     
  13. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #13
    What did you modify in order to test it? I'm still unable to modify system files.
     
  14. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #14
    diskutil is still there.
     
  15. netkas macrumors 65816

    Joined:
    Oct 2, 2007
    #15
    rootless is just Sandboxing everything, including bsd environment (bash and friends)

    if you try to change anything in /S/L/E (with or without rootless=0) and then look into dmesg output - you will see Sandbox info.
     
  16. thadoggfather Suspended

    thadoggfather

    Joined:
    Oct 1, 2007
    #16
    How do you get rootless back after you've disabled it with
    sudo nvram boot-args="kext-dev-mode=1 rootless=0"

    Thanks!
     
  17. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #17
    sudo nvram -d boot-args
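
Added example, not part of the posts above: `nvram -d boot-args` deletes the whole variable, so any other argument (such as the kext-dev-mode=1 from post #16) goes with it. This sketch does the check suggested in post #5 over constructed `nvram -p` output and removes only the rootless token; the function names and sample values are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample of `nvram -p` output (one "name<TAB>value" per line);
# these values are made up for the example, not captured from a real Mac.
SAMPLE_NVRAM=$(printf 'SystemAudioVolume\t40\nboot-args\tkext-dev-mode=1 rootless=0 -v\nprev-lang:kbd\ten:0\n')

# Read `nvram -p` output on stdin and print the value of boot-args (empty if unset).
boot_args_from_nvram() {
    awk -F '\t' '$1 == "boot-args" { print $2 }'
}

# Print the tokens in a boot-args string that this thread uses to relax
# protections: rootless=0 and kext-dev-mode=1.
relaxed_flags() (
    set -f; found=""          # subshell body: no globbing, no leaked variables
    for tok in $1; do
        case "$tok" in
            rootless=0|kext-dev-mode=1) found="${found:+$found }$tok" ;;
        esac
    done
    printf '%s\n' "$found"
)

# Print boot-args ($2) with every "$1" or "$1=value" token removed and the
# remaining tokens kept in their original order.
strip_boot_arg() (
    set -f; out=""
    for tok in $2; do
        case "$tok" in
            "$1"|"$1"=*) ;;   # drop the named argument
            *) out="${out:+$out }$tok" ;;
        esac
    done
    printf '%s\n' "$out"
)

current=$(printf '%s\n' "$SAMPLE_NVRAM" | boot_args_from_nvram)
echo "current boot-args : $current"
echo "relaxed flags     : $(relaxed_flags "$current")"
echo "without rootless  : $(strip_boot_arg rootless "$current")"
```

On the Mac itself the input would come from `nvram -p | boot_args_from_nvram`, and the stripped string is the value to write back as boot-args. If the stripped string is empty, deleting the variable is the equivalent step.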
     
  18. thadoggfather Suspended

    thadoggfather

    Joined:
    Oct 1, 2007
    #18
    Didn't seem to resolve my VPN client issues I was having by re-enabling rootless with that command.

    Thanks anyways
     
  19. PowerBook-G5 macrumors 65816

    PowerBook-G5

    Joined:
    Jul 30, 2013
    Location:
    The United States of America
    #19
    Question: with Rootless, can TRIM enabler still function, as well as programs such as SMC Fan Control and f.lux?
     
  20. crjackson2134 macrumors 68020

    crjackson2134

    Joined:
    Mar 6, 2013
    Location:
    Charlotte, NC
    #20
    My understanding is yes at least for Trim. Turn off rootless and put system in Dev mode. Enable Trim, then turn rootless on again (leaving in Dev mode though).
     
  21. djtech42 macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #21
    After reinstalling, I still get an error when I try to turn Rootless off. My computer is crippled.
     
  22. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #22
    I'm not on 10.11 but I am curious about rootless. I know apple is all about secrecy but having more info on this would be nice
     
  23. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #23
    After inputting
    sudo nvram boot-args="rootless=0", disk utility still shows rootless enabled. Is it going to show enabled regardless?
     
  24. redheeler macrumors 603

    redheeler

    Joined:
    Oct 17, 2014
    #24
    As far as we know, it's designed to protect system files and folders from being deleted or modified even as root through Terminal. It can be disabled with a boot argument.
    It seems to, at least on the first beta.
     
  25. !!! macrumors 6502

    !!!

    Joined:
    Aug 5, 2013
    #25
    You need to reboot after you input the command for it to take effect.
     
