Credits: https://github.com/koekeishiya/yabai/wiki/Disabling-System-Integrity-Protection
Last active
February 14, 2023 13:27
-
-
Save darwin/8e9192f0f2996b0f77c103e6bade1d9f to your computer and use it in GitHub Desktop.
TotalFinder: `csrutil enable --without debug --without fs` no longer works as expected under macOS 11.x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# in recovery mode | |
❯ csrutil enable --without debug | |
# note that prior macOS 11.0 this would disable "Debugging Restrictions" | |
# since macOS 11.0 it seems to be disabling "Apple Internal" and "Filesystem Protections" | |
❯ csrutil status | |
System Integrity Protection status: unknown (Custom Configuration). | |
Configuration: | |
Apple Internal: disabled | |
Kext Signing: enabled | |
Filesystem Protections: disabled | |
Debugging Restrictions: enabled | |
DTrace Restrictions: enabled | |
NVRAM Protections: enabled | |
BaseSystem Verification: enabled | |
This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# in recovery mode | |
❯ csrutil disable --with kext --with dtrace --with nvram --with basesystem | |
# this seems to do what we wanted, not sure what Apple Internal does | |
❯ csrutil status | |
System Integrity Protection status: unknown (Custom Configuration). | |
Configuration: | |
Apple Internal: disabled | |
Kext Signing: enabled | |
Filesystem Protections: disabled | |
Debugging Restrictions: disabled | |
DTrace Restrictions: enabled | |
NVRAM Protections: enabled | |
BaseSystem Verification: enabled | |
This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
❯ sw_vers | |
ProductName: macOS | |
ProductVersion: 11.1 | |
BuildVersion: 20C5048k |
My observation is that csrutil enable --without debug
actually still works correctly. In my case, I'm using it to disable the disablement of the DYLD_* environment variables. I also see the wrong csrutil status
output that you show. But I think it's actually the status output that is wrong, not what the enable
/disable
commands do.
The workaround works on Monterey too. GJ.
Does this mean one can install and use totalfinder with this workaround?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Finally. This solution works with debugging restrictions. Thx.