On Sat, Jul 18, 2015 at 7:39 AM, Ben Gamari
I would like to understand the root-cause of the issue. It seems that OS X will now raise EPERM instead of EACCES when certain files are accessed. That being said, it's not at all clear to me which system call is failing or why. Could someone familiar with El Capitan describe what exactly is going on here?
The trace showed access("/usr/bin/ar", 2) => -1/EPERM (instead of -1/EACCES). http://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature... appears relevant. Sounds to me like they automatically set a bunch of stuff immutable (chflags(1) schg flag; also see chflags(2), the underlying syscall) and bump the (equivalent of) securelevel so it can't be altered even by root after system boot. (Sadly, Apple did not bother to update the manpages to reflect launchd.) -- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net