Rootless kernel level protection

redheeler

macrumors 604
Oct 17, 2014
7,463
7,058
You need to reboot after you input the command to take effect.
The question is asking if rootless still shows as enabled in Disk Utility. The answer is yes, even after a restart with rootless disabled.
Rootless.png
 

maflynn

Moderator
Staff member
May 3, 2009
64,089
30,685
Boston
I guess in theory its a nice to have feature and we need to further protect the system files, but I wonder if it will get in the way for us who like to dabble.

I understand it can be disabled - for now. The time may come where apple will remove that option from OS X.
 
  • Like
Reactions: !!!

legioxi

macrumors 6502a
Mar 2, 2013
639
75
I guess in theory its a nice to have feature and we need to further protect the system files, but I wonder if it will get in the way for us who like to dabble.

I understand it can be disabled - for now. The time may come where apple will remove that option from OS X.
I don't think it will be an issue. Those who dabble can disable it and those who don't can leave it on. If Apple ever revokes the ability to disable it, I think they'll see a mass exodus to Linux. Though I'd still buy their laptops... I just wouldn't run their OS or ecosystem.
 

kwokaaron

macrumors 6502a
Sep 20, 2013
530
144
Since OS X did get the rootless feature, is it safe to assume that iOS 9 has it implemented as well?
 

maflynn

Moderator
Staff member
May 3, 2009
64,089
30,685
Boston
think they'll see a mass exodus to Linux
Even if apple locks down OS X to the degree that iOS is locked down, you'll not see a mass exodus to Linux. Linux has its place and its fans. I don't see it being a viable alternative to OS X regardless of what apple does.

An operating system's job is to run apps and there is a huge night and day difference of what you can run on OS X and linux. Even the dabblers as I called them would mostly stick with OS X.
 
  • Like
Reactions: Tucom and Nermal

xgman

macrumors 601
Aug 6, 2007
4,785
609
Even if apple locks down OS X to the degree that iOS is locked down, you'll not see a mass exodus to Linux. Linux has its place and its fans. I don't see it being a viable alternative to OS X regardless of what apple does.

An operating system's job is to run apps and there is a huge night and day difference of what you can run on OS X and linux. Even the dabblers as I called them would mostly stick with OS X.
Agreed, but could go over to win 10. Hopefully Apple won't go to far with this. We have managed just fine without rootless, and I'm sure we will be just fine with it disabled as long as there is a way.
 

MikhailT

macrumors 601
Nov 12, 2007
4,334
832
Agreed, but could go over to win 10. Hopefully Apple won't go to far with this. We have managed just fine without rootless, and I'm sure we will be just fine with it disabled as long as there is a way.
I work in CS/QA, I know all of the horror stories of users who have done stuff they shouldn't be doing in the first place such as installing hax that modifies Finder, theme mods, and so on. The systems were just horrible and everything was just unstable. Once everything is cleanly installed and the users were told not to do these "tools" anymore, they were actually happier in the end with no issues.

This is the point of rootless, prevent the general public from installing tools that modifies the system files.

I would be okay with Apple disabling the option to disable rootless, I can almost guarantee it will not lose a noticeable amount of customers. People who need this, are most likely already dabbling with Linux or even using Windows on a separate partition or VM.

If anything, Apple will add more APIs in the end to allow certain devs do what they need to provide the same tool. For an example, Finder Extensions that allowed Dropbox to offer its integration in Finder without injecting itself. That API actually improved the overall experience for the Dropbox users in the end. In fact, Apple already offer an option for some devs to migrate their service in a way that disables rootless already.
 

MrNomNoms

macrumors 65816
Jan 25, 2011
1,132
249
Wellington, New Zealand
I work in CS/QA, I know all of the horror stories of users who have done stuff they shouldn't be doing in the first place such as installing hax that modifies Finder, theme mods, and so on. The systems were just horrible and everything was just unstable. Once everything is cleanly installed and the users were told not to do these "tools" anymore, they were actually happier in the end with no issues.

This is the point of rootless, prevent the general public from installing tools that modifies the system files.

I would be okay with Apple disabling the option to disable rootless, I can almost guarantee it will not lose a noticeable amount of customers. People who need this, are most likely already dabbling with Linux or even using Windows on a separate partition or VM.

If anything, Apple will add more APIs in the end to allow certain devs do what they need to provide the same tool. For an example, Finder Extensions that allowed Dropbox to offer its integration in Finder without injecting itself. That API actually improved the overall experience for the Dropbox users in the end. In fact, Apple already offer an option for some devs to migrate their service in a way that disables rootless already.
The privacy and security session goes into more details - when you hear about what it does and how developers are meant to use best practice then for most people outside of people who tinker, it will actually be business as usual.
 

Pentad

macrumors 6502a
Nov 26, 2003
985
94
Indiana
Rootless will be the first thing to go if I stay with OS X. I HATE iOS because it just cripples you as a user. God, I can't tell you how many times I want to modify the hosts file on my iPad and I can't. Ugg, the more OS X becomes like iOS I just cringe.




-P

El Capitan - Worst. Name. Ever.
Almost as bad as the new MacRumors Theme
 
  • Like
Reactions: g-7 and !!!

MikhailT

macrumors 601
Nov 12, 2007
4,334
832
The privacy and security session goes into more details - when you hear about what it does and how developers are meant to use best practice then for most people outside of people who tinker, it will actually be business as usual.
It's on my list to watch, just waiting for Apple to post it.
 

SG-

macrumors regular
Jun 8, 2015
107
65
rootless sounds like the wrong name, there's still root and you can still do a bunch of things as root, you just can't modify important files in /System/Library and so on, at least for now. i wouldn't be surprised if they add a UI option to disable that in Security prefs just like how you aren't forced to only run signed or app store apps only even tho everyone was worried about it.

they probably should change it to system protection mode or something...
 

Nermal

Moderator
Staff member
Dec 7, 2002
18,690
1,185
New Zealand
The question is asking if rootless still shows as enabled in Disk Utility. The answer is yes, even after a restart with rootless disabled.
My follow-up question is "why does an NVRAM argument show up in Disk Utility in the first place?"

Edit: Unless "Rootless enabled" means something like "Rootless-ready", ie. that the volume in question is compatible with Rootless.
 

Shirasaki

macrumors G3
May 16, 2015
9,478
3,464
After reinstalling, I still get an error when I try to turn Rootless off. My computer is crippled.
You can still modify any files stored on Mac partition from other systems, such as Windows. However you may need a third party software to enable access to that partition.
 

Shirasaki

macrumors G3
May 16, 2015
9,478
3,464
Yeah, my thinking too. Boot Linux, make change, boot OS X.
However if Apple implement system integrity check and prevent from booting up once detected unauthorised system file change, this could be another problem, for advanced users. (Such as hackers)
 

crjackson2134

macrumors 601
Mar 6, 2013
4,579
1,681
Charlotte, NC
However if Apple implement system integrity check and prevent from booting up once detected unauthorised system file change, this could be another problem, for advanced users. (Such as hackers)
No argument there, we'll just have wait and see.

It's not a deal breaker for me, I'm booting an Apple/Samsung SSD blade, so I'm good either way.
 

Shirasaki

macrumors G3
May 16, 2015
9,478
3,464
No argument there, we'll just have wait and see.

It's not a deal breaker for me, I'm booting an Apple/Samsung SSD blade, so I'm good either way.
Yeah.
Maybe next or third beta could tell us more, and we will finally know what it would be in this fall.