Open deviantintegral opened 1 year ago
Hell. I don't get this error in 12.6. I wonder how to reproduce it.
Do you receive the same error if you try running the command manually?
No, I don't get the error when running in an iTerm window.
I tested logging out and back in just in case there was some issue with the new launchagent and sandboxing, but no luck there.
By quick googling ("macos kernel sandboxd rejected approval request"), I found possible solutions, like giving Full Disk Access to the script. Another idea is to try adding --no-quarantine
flag to the brew install
command.
I can't test whether this fixes the issue since I can't reproduce the error, even though SIP is enabled on my system.
Also, you may check the "Allow apps downloaded from" setting in System Preferences
> Security & Privacy
> General
.
@deviantintegral Try this Terminal command to reset relevant permissions:
tccutil reset SystemPolicySysAdminFiles
--no-quarantine flag
No luck here, or with granting full disk access.
Also, you may check the "Allow apps downloaded from" setting in System Preferences > Security & Privacy > General.
This is set to App Store and Identified Developers.
tccutil
TIL'ed! It figures its man page is spartan. This reset correctly, but I still get the above error.
On restart, I took a deeper look at the console logs: https://gist.github.com/deviantintegral/9be33c288ed98e23572c305840d2e354
I wonder if this error is causing stricter sandboxing? I'm not sure exactly what signature its referring to though given this is a shell script:
debug 09:20:00.863368-0400 syspolicyd signatures didn't match: 1647255843, 1647275625, /usr/local/Cellar/sudo-touchid/0.4/bin/sudo-touchid
I just installed this via homebrew, and it appears sandboxing is preventing sed from editing
/private/etc/pam.d/sudo
. I get the following in the console when runningsudo brew services start sudo-touchid
: