On Sat, Jul 18, 2015 at 7:39 AM, Ben Gamari <ben@well-typed.com> wrote:

I would like to understand the root-cause of the issue. It seems that
OS X will now raise EPERM instead of EACCES when certain files are
accessed. That being said, it's not at all clear to me which system call
is failing or why. Could someone familiar with El Capitan describe what
exactly is going on here?

The trace showed access("/usr/bin/ar", 2) => -1/EPERM (instead of -1/EACCES).

http://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really appears relevant. Sounds to me like they automatically set a bunch of stuff immutable (chflags(1) schg flag; also see chflags(2), the underlying syscall) and bump the (equivalent of) securelevel so it can't be altered even by root after system boot. (Sadly, Apple did not bother to update the manpages to reflect launchd.)

--

brandon s allbery kf8nh sine nomine associates

allbery.b@gmail.com ballbery@sinenomine.net

unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net