System Integrity Protection Bug

Discussion in 'OS X El Capitan (10.11)' started by abcdefg12345, Dec 9, 2015.

  1. abcdefg12345 macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #1
    Is it just me or is SIP bugged.

    1. disable SIP from recovery terminal csrutil disable
    2. check status and it says disabled
    3. boot to main system and check status and it says disabled
    3. update Xcode and open it up and let it install components
    4. check for SIP status on main system and it says enabled
    5. boot to recover and check status and it says disabled
    6. boot back to main system and it says enabled
    7. boot to recovery and run csrutil disable even though it is already disabled
    8. boot back to main system and check status and it says enabled
    9. install os x on top of the one u already have
    10. check status and it says disabled
    11. open Xcode and it reinstalls components then same problem SIP enabled even though it is disabled

    long story short
    csrutil status shows disabled in recovery and enabled on main system

    the heck is going on, is it a safety feature apple force enabling SIP on macs with Xcode installed or is it a bug which apple engineers aren't skilled enough to fix.

    using 13 inch early 2011 MBP 10.11.2 and same problem occurring since 10.11
     
  2. felt., Dec 9, 2015
    Last edited: Dec 9, 2015

    felt. macrumors 6502a

    Joined:
    Mar 13, 2008
    Location:
    Canada
  3. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #3
    this is a really odd and annoying bug, any idea on what might be going on

    could it be because i got 2 hard drives

    macintosh hd :10.11.2
    macintosh hd 2 :10.11.1
    bootcamp :windows :10

    even tried clean install and it didn't get fixed
    Screen Shot 2015-12-10 at 2.12.14 AM.png
    Screen Shot 2015-12-10 at 2.16.04 AM.png
     
  4. b0fh666 macrumors 6502a

    b0fh666

    Joined:
    Oct 12, 2012
    Location:
    south
    #4
    csrutil flags are written in nvram, does not matter what you but unless the OS touches the key.
     
  5. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #5
    any ideas on what i should do then, i need SIP to be turned off but whatever i do doesn't seem to work, recovery shows that its turned off and main os shows its turned on.
     
  6. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #7
    You don't need to turn off SIP to install Xcode or any of its components. If you're having trouble getting these installed otherwise, there's something else wrong with your system.
     
  7. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #8
    Not having problems installing Xcode, what I'm trying to do is enable handoff on an early 2011 mac i already replaced the bt/wifi card since yosemite and it was working fine with CAT however now i can't use it because of SIP is not getting disabled.
     
  8. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #9
  9. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #10
    I suspect this doesn't actually work, but I'm not really interested in trying it on any of my computers.
     
  10. xgman macrumors 601

    xgman

    Joined:
    Aug 6, 2007
    #11
    I'm getting the pesky xtrafinder system integrity message too now. When the xtrafinder preferences screen opens it does work and SIP is obviously disabled, but the message persists. Drivin me a little nuts...
     
  11. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #12
    i booted to recovery did a csrutil clear and disabled firmware password and did a NVRAM reset, then booted back to recovery and successfully ran csrutil disable and turned firmware password back on, however booting back to my system still shows that SIP is enabled, even though recovery still shows disabled.
     
  12. leman macrumors 604

    Joined:
    Oct 14, 2008
    #14
    Well, SIP is not really designed to be disabled (except on dev machines who do kext development), so even if you have found (what sounds like a very obscure) bug, I doubt that there is any priority in fixing it.
     
  13. simon lefisch macrumors 6502a

    simon lefisch

    Joined:
    Sep 29, 2014
    #15
    Have you tried running CAT since you disabled SIP in recovery? If so and it is still not working, uninstall/reinstall CAT and try running it again. I had that happen to me once and reinstalling it worked.
     
  14. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #16
    Have you tested whether SIP is actually disabled? During the beta, the system didn't always report this correctly. You can try out by copying a file into the System folder (password required).
     
  15. abcdefg12345, Dec 12, 2015
    Last edited: Dec 12, 2015

    abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #17
    i tried that, i can't copy or delete files in system folder, so it is reporting it correctly,

    My theory:
    1. Apple releases first beta of Yosemite
    2. Handoff requires BT4 so older macs can't use it
    3. People replace WIFI/BT card, and it works
    5. Apple blacklists older macs so that it wouldn't work even if u have compatible hardware (they want an extra $1 thousand to their $200 billion = greedy)
    6. CAT comes out and people hack the system files to enable Handoff
    7. Apple releases El Capitan with SIP
    8. People disable SIP and install run CAT anyways
    9. Apple secretly blocks older macs from disabling SIP, and pretend its a bug they don't know about.
    10. when all else fails, i don't care about new security features and i don't care about shake mouse pointer to locate, i end up downgrading to Yosemite
    11. I win the war against Apple, enabling my mac to run the things that my hardware is compatible with.
    12. We need Taylor Swift to shame apple again.

    :)


    Screen Shot 2015-12-12 at 7.09.18 PM.png
     
  16. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #18
    @abcdefg12345: Even in Yosemite, Finder won't let you delete those files. That's why I asked: add something to the System folder.

    Try the command line instead:
    Code:
    cd /System && sudo touch test.txt; ls -A

    What does it say? When you run "csrutil status" from the same Terminal, what does it say?
     
  17. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #19
    Code:
    cd /System && sudo touch test.txt; ls -A
    asks for password then it says
    Code:
    touch: test.txt: Operation not permitted
    .localized    Library
    running csrutil status in recovery terminal says:
    System Integrity Protection status: disabled.

    running csrutil status in main system terminal says:
    System Integrity Protection status: enabled.

    driving me nuts.
     
  18. gr4z macrumors regular

    Joined:
    Aug 7, 2010
    Location:
    England
    #20
    Did you find a fix for this? I have exactly the same issue with El Cap.

    Driving me nuts as well with Xtrafinder!
     
  19. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #21
    Same setup as the OP with multiple disks? Have you reset your NVRAM as I posted above?
     
  20. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #22
    nope, but whenever i update my mac terminal shows SIP is off then after few restarts its back on again.

    do u have dark boot installed, i think this is whats causing the issue because after 10.11.3 update SIP showed off then when i installed dark boot it went back on again.
     
  21. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #23
    Wait... did you use that the whole time while we were troubleshooting?
     
  22. gr4z macrumors regular

    Joined:
    Aug 7, 2010
    Location:
    England
    #24
    No dark boot here.

    Will try another reset as above and see if that works.
     
  23. abcdefg12345 thread starter macrumors regular

    abcdefg12345

    Joined:
    Jul 10, 2013
    #25
    I updated to 10.11.4 and i didn't install dark boot this time and its been showing as SIP off for the past 3 days, so i think dark boot is whats causing the bug.
     

Share This Page