Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

tarf

macrumors newbie
Original poster
Jun 8, 2015
5
2
Rootless was rumored about a lot, but with the release there does not seem to be any additional information pertaining to it. Has anyone had any experience with it and what it is and how it works yet?
 
  • Like
Reactions: luke lau

MikhailT

macrumors 601
Nov 12, 2007
4,582
1,325
It was just a rumor, that's it.

It is possible it might have be the system integrity protection, this was mentioned today in the Platform State of the Union session.
 

oatman13

macrumors regular
Feb 14, 2013
233
72
Rootless was rumored about a lot, but with the release there does not seem to be any additional information pertaining to it. Has anyone had any experience with it and what it is and how it works yet?
It is in the OS... You cannot modify or delete system files even with SUDO.
 

dagamer34

macrumors 65816
May 1, 2007
1,359
101
Houston, TX
During the Platform State of the Union, it was referred to as "System Integrity Protection". But they didn't go into too terribly much detail than what we already knew (no overwriting system files).
 

mag01

macrumors regular
Apr 10, 2011
150
47
To disable the rootless protection, use something like
Code:
sudo nvram boot-args="rootless=0"
And better check your current boot args via
Code:
nvram -p
and then just add/modify the rootless argument.
 
Last edited:
  • Like
Reactions: Skoal and redheeler

colinwil

macrumors 6502
Nov 15, 2010
296
166
Reading, UK
Rootless was rumored about a lot, but with the release there does not seem to be any additional information pertaining to it. Has anyone had any experience with it and what it is and how it works yet?

To add to the helpful reply by mag01...

I just tried to change the .kext' extension for a file in /System/Library/Extensions to '.disable'. By default, Rootless prevents me from doing this - either from Finder or from Terminal using sudo mv.

I turned off Rootless using sudo nvram boot-args="rootless=0" in Terminal and rebooted. I was now able to change the file extension from within Get Info in Finder.

Once I'd renamed it, I turned rootless back on with sudo nvram -d boot-args
 

djtech42

macrumors 65816
Jun 23, 2012
1,447
56
Mason, OH
To add to the helpful reply by mag01...

I just tried to change the .kext' extension for a file in /System/Library/Extensions to '.disable'. By default, Rootless prevents me from doing this - either from Finder or from Terminal using sudo mv.

I turned off Rootless using sudo nvram boot-args="rootless=0" in Terminal and rebooted. I was now able to change the file extension from within Get Info in Finder.

Once I'd renamed it, I turned rootless back on with sudo nvram -d boot-args

The code snippet didn't work for me
 

KALLT

macrumors 603
Sep 23, 2008
5,361
3,378
To add to the helpful reply by mag01...

I just tried to change the .kext' extension for a file in /System/Library/Extensions to '.disable'. By default, Rootless prevents me from doing this - either from Finder or from Terminal using sudo mv.

I turned off Rootless using sudo nvram boot-args="rootless=0" in Terminal and rebooted. I was now able to change the file extension from within Get Info in Finder.

Once I'd renamed it, I turned rootless back on with sudo nvram -d boot-args

I wonder what will happen once you update your system. Since repair permissions is now part of the update procedure, among other things, it is possible that OS X either overwrites your changes or refuses to load.
 

w0lf

macrumors 65816
Feb 16, 2013
1,268
109
USA
I wonder what will happen once you update your system. Since repair permissions is now part of the update procedure, among other things, it is possible that OS X either overwrites your changes or refuses to load.

Most likely nothing out of the ordinary. Worst case scenario you would just have to re-enable rootless from the recovery partition.

You can also still repair permissions with
Code:
diskutil repairPermissions /
 

KALLT

macrumors 603
Sep 23, 2008
5,361
3,378
Most likely nothing out of the ordinary. Worst case scenario you would just have to re-enable rootless from the recovery partition.

You can also still repair permissions with
Code:
diskutil repairPermissions /

I read elsewhere that this diskutil command was gone, so it's still there? The next beta will probably reveal some more information about this new feature.
 

djtech42

macrumors 65816
Jun 23, 2012
1,447
56
Mason, OH
Most likely nothing out of the ordinary. Worst case scenario you would just have to re-enable rootless from the recovery partition.

You can also still repair permissions with
Code:
diskutil repairPermissions /
Just tried to disable rootless through the recovery partition and got this:
FGvYT93.jpg

I've never loathed Apple like I do now.
 
  • Like
Reactions: tarf

redheeler

macrumors G3
Oct 17, 2014
8,419
8,841
Colorado, USA
To disable the rootless protection, use something like
Code:
sudo nvram boot-args="rootless=0"
And better check your current boot args via
Code:
nvram -p
and then just add/modify the rootless argument.
That did the trick for me, after adding the boot arg and restarting system files can be modified.
I read elsewhere that this diskutil command was gone, so it's still there? The next beta will probably reveal some more information about this new feature.
The command for it is still there, but it's gone from the GUI.
 

djtech42

macrumors 65816
Jun 23, 2012
1,447
56
Mason, OH
That did the trick for me, after adding the boot arg and restarting system files can be modified.

The command for it is still there, but it's gone from the GUI.
What did you modify in order to test it? I'm still unable to modify system files.
 

chrfr

macrumors G5
Jul 11, 2009
13,520
7,043
I read elsewhere that this diskutil command was gone, so it's still there? The next beta will probably reveal some more information about this new feature.
diskutil is still there.
 

netkas

macrumors 65816
Oct 2, 2007
1,198
394
rootless is just Sandboxing everything, including bsd environment (bash and friends)

if you try to change anything in /S/L/E (with or without rootless=0) and then look into dmesg output - you will see SAndbox info.
 

thadoggfather

macrumors P6
Oct 1, 2007
15,548
16,279
How do you get rootless back after you've disabled it with
sudo nvram boot-args="kext-dev-mode=1 rootless=0"

Thanks!
 

thadoggfather

macrumors P6
Oct 1, 2007
15,548
16,279
didnt seem to resolve my VPN client issues I was having by re-enabling rootless with that command.

Thanks anyways
 

PowerBook-G5

macrumors 65816
Jul 30, 2013
1,243
1,179
Question: with Rootless, can TRIM enabler still function, as well as programs such as SMC Fan Control and f.lux?
 

maflynn

macrumors Haswell
May 3, 2009
73,470
43,392
I'm not on 10.11 but I am curious about rootless. I know apple is all about secrecy but having more info on this would be nice
 

redheeler

macrumors G3
Oct 17, 2014
8,419
8,841
Colorado, USA
I'm not on 10.11 but I am curious about rootless. I know apple is all about secrecy but having more info on this would be nice
As far as we know, it's designed to protect system files and folders from being deleted or modified even as root through Terminal. It can be disabled with a boot argument.
After inputing
sudo nvram boot-args="rootless=0", disk utility still shows rootless enabled. Is it going to show enabled regardless?
It seems to, at least on the first beta.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.