Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Rootless kernel level protection

redheeler

redheeler

macrumors G3
Oct 17, 2014
8,626
9,274
Colorado, USA
!!! said:
You need to reboot after you input the command to take effect.
Click to expand...
The question is asking if rootless still shows as enabled in Disk Utility. The answer is yes, even after a restart with rootless disabled.
Rootless.png
 
maflynn

maflynn

macrumors Haswell
May 3, 2009
73,682
43,740
I guess in theory its a nice to have feature and we need to further protect the system files, but I wonder if it will get in the way for us who like to dabble.

I understand it can be disabled - for now. The time may come where apple will remove that option from OS X.
 
  • Like
Reactions: !!!
L

legioxi

macrumors 6502a
Mar 2, 2013
644
76
maflynn said:
I guess in theory its a nice to have feature and we need to further protect the system files, but I wonder if it will get in the way for us who like to dabble.

I understand it can be disabled - for now. The time may come where apple will remove that option from OS X.
Click to expand...
I don't think it will be an issue. Those who dabble can disable it and those who don't can leave it on. If Apple ever revokes the ability to disable it, I think they'll see a mass exodus to Linux. Though I'd still buy their laptops... I just wouldn't run their OS or ecosystem.
 
maflynn

maflynn

macrumors Haswell
May 3, 2009
73,682
43,740
legioxi said:
think they'll see a mass exodus to Linux
Click to expand...
Even if apple locks down OS X to the degree that iOS is locked down, you'll not see a mass exodus to Linux. Linux has its place and its fans. I don't see it being a viable alternative to OS X regardless of what apple does.

An operating system's job is to run apps and there is a huge night and day difference of what you can run on OS X and linux. Even the dabblers as I called them would mostly stick with OS X.
 
  • Like
Reactions: Tucom and Nermal
xgman

xgman

macrumors 603
Aug 6, 2007
5,697
1,425
maflynn said:
Even if apple locks down OS X to the degree that iOS is locked down, you'll not see a mass exodus to Linux. Linux has its place and its fans. I don't see it being a viable alternative to OS X regardless of what apple does.

An operating system's job is to run apps and there is a huge night and day difference of what you can run on OS X and linux. Even the dabblers as I called them would mostly stick with OS X.
Click to expand...
Agreed, but could go over to win 10. Hopefully Apple won't go to far with this. We have managed just fine without rootless, and I'm sure we will be just fine with it disabled as long as there is a way.
 
M

MikhailT

macrumors 601
Nov 12, 2007
4,583
1,327
xgman said:
Agreed, but could go over to win 10. Hopefully Apple won't go to far with this. We have managed just fine without rootless, and I'm sure we will be just fine with it disabled as long as there is a way.
Click to expand...

I work in CS/QA, I know all of the horror stories of users who have done stuff they shouldn't be doing in the first place such as installing hax that modifies Finder, theme mods, and so on. The systems were just horrible and everything was just unstable. Once everything is cleanly installed and the users were told not to do these "tools" anymore, they were actually happier in the end with no issues.

This is the point of rootless, prevent the general public from installing tools that modifies the system files.

I would be okay with Apple disabling the option to disable rootless, I can almost guarantee it will not lose a noticeable amount of customers. People who need this, are most likely already dabbling with Linux or even using Windows on a separate partition or VM.

If anything, Apple will add more APIs in the end to allow certain devs do what they need to provide the same tool. For an example, Finder Extensions that allowed Dropbox to offer its integration in Finder without injecting itself. That API actually improved the overall experience for the Dropbox users in the end. In fact, Apple already offer an option for some devs to migrate their service in a way that disables rootless already.
 
MrNomNoms

MrNomNoms

macrumors 65816
Jan 25, 2011
1,159
296
Wellington, New Zealand
MikhailT said:
I work in CS/QA, I know all of the horror stories of users who have done stuff they shouldn't be doing in the first place such as installing hax that modifies Finder, theme mods, and so on. The systems were just horrible and everything was just unstable. Once everything is cleanly installed and the users were told not to do these "tools" anymore, they were actually happier in the end with no issues.

This is the point of rootless, prevent the general public from installing tools that modifies the system files.

I would be okay with Apple disabling the option to disable rootless, I can almost guarantee it will not lose a noticeable amount of customers. People who need this, are most likely already dabbling with Linux or even using Windows on a separate partition or VM.

If anything, Apple will add more APIs in the end to allow certain devs do what they need to provide the same tool. For an example, Finder Extensions that allowed Dropbox to offer its integration in Finder without injecting itself. That API actually improved the overall experience for the Dropbox users in the end. In fact, Apple already offer an option for some devs to migrate their service in a way that disables rootless already.
Click to expand...

The privacy and security session goes into more details - when you hear about what it does and how developers are meant to use best practice then for most people outside of people who tinker, it will actually be business as usual.
 
Pentad

Pentad

macrumors 6502a
Nov 26, 2003
986
99
Indiana
Rootless will be the first thing to go if I stay with OS X. I HATE iOS because it just cripples you as a user. God, I can't tell you how many times I want to modify the hosts file on my iPad and I can't. Ugg, the more OS X becomes like iOS I just cringe.




-P

El Capitan - Worst. Name. Ever.
Almost as bad as the new MacRumors Theme
 
  • Like
Reactions: g-7 and !!!
M

MikhailT

macrumors 601
Nov 12, 2007
4,583
1,327
MrNomNoms said:
The privacy and security session goes into more details - when you hear about what it does and how developers are meant to use best practice then for most people outside of people who tinker, it will actually be business as usual.
Click to expand...

It's on my list to watch, just waiting for Apple to post it.
 
SG-

SG-

macrumors regular
Jun 8, 2015
151
88
rootless sounds like the wrong name, there's still root and you can still do a bunch of things as root, you just can't modify important files in /System/Library and so on, at least for now. i wouldn't be surprised if they add a UI option to disable that in Security prefs just like how you aren't forced to only run signed or app store apps only even tho everyone was worried about it.

they probably should change it to system protection mode or something...
 
Nermal

Nermal

Moderator
Staff member
Dec 7, 2002
21,007
4,588
New Zealand
redheeler said:
The question is asking if rootless still shows as enabled in Disk Utility. The answer is yes, even after a restart with rootless disabled.
Click to expand...
My follow-up question is "why does an NVRAM argument show up in Disk Utility in the first place?"

Edit: Unless "Rootless enabled" means something like "Rootless-ready", ie. that the volume in question is compatible with Rootless.
 
Shirasaki

Shirasaki

macrumors P6
May 16, 2015
16,263
11,764
djtech42 said:
After reinstalling, I still get an error when I try to turn Rootless off. My computer is crippled.
Click to expand...
You can still modify any files stored on Mac partition from other systems, such as Windows. However you may need a third party software to enable access to that partition.
 
Shirasaki

Shirasaki

macrumors P6
May 16, 2015
16,263
11,764
crjackson2134 said:
Yeah, my thinking too. Boot Linux, make change, boot OS X.
Click to expand...
However if Apple implement system integrity check and prevent from booting up once detected unauthorised system file change, this could be another problem, for advanced users. (Such as hackers)
 
crjackson2134

crjackson2134

macrumors 601
Mar 6, 2013
4,847
1,957
Charlotte, NC
Shirasaki said:
However if Apple implement system integrity check and prevent from booting up once detected unauthorised system file change, this could be another problem, for advanced users. (Such as hackers)
Click to expand...

No argument there, we'll just have wait and see.

It's not a deal breaker for me, I'm booting an Apple/Samsung SSD blade, so I'm good either way.
 
Shirasaki

Shirasaki

macrumors P6
May 16, 2015
16,263
11,764
crjackson2134 said:
No argument there, we'll just have wait and see.

It's not a deal breaker for me, I'm booting an Apple/Samsung SSD blade, so I'm good either way.
Click to expand...
Yeah.
Maybe next or third beta could tell us more, and we will finally know what it would be in this fall.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom