SIP disallows my binaries to execute

Where does one place system-wide user binaries?


macOS 12.5.1 M1 Max


My Foundation-based "daemon" binary runs fine within Xcode and when located in my own local directories, but when I try to place it into /opt/local/bin or /usr/local/bin, macOS SIP won't let it run from there:


proc 20514: load code signature error 2 for file "simprefix"

ASP: Security policy would not allow process: 20514, /usr/local/bin/simprefix


proc 20598: load code signature error 2 for file "simprefix"

ASP: Security policy would not allow process: 20598, /opt/local/bin/simprefix


Is there some attribute I'm supposed to grant the binary so it can be run?

Where are user binary files supposed to be placed for system-side use?

Mac Studio

Posted on Sep 23, 2022 5:08 PM

Question marked as Best reply

Posted on Sep 24, 2022 6:27 AM

Perhaps this applies:

Apple Developer Documentation




4 replies

Sep 24, 2022 5:18 AM in response to Transini

I’m not sure it is SIP stopping it, but it is part of the security model.


I'm not certain how to overcome it, but some ideas.

Did you set the user:group to root:wheel?


How is it supposed to start “system-wide?” Is it a daemon or user agent—those should be launched by launchd using a plist in /Library/LaunchDaemons or /Library/LaunchAgents.


BBEdit and Python install their tools there, but they are symlinks to other locations. They are root:wheel.

Sep 24, 2022 5:56 AM in response to Transini

Transini wrote:

proc 20514: load code signature error 2 for file "simprefix"
ASP: Security policy would not allow process: 20514, /usr/local/bin/simprefix

proc 20598: load code signature error 2 for file "simprefix"
ASP: Security policy would not allow process: 20598, /opt/local/bin/simprefix

Is there some attribute I'm supposed to grant the binary so it can be run?
Where are user binary files supposed to be placed for system-side use?

As the error messages say, these executables need a signature.

Sep 24, 2022 12:38 PM in response to xnav

Yes, it was the Xcode app signing intricacies that prevented my binary from running from a system-wide location. The procedure outlined in the APD "Signing a Daemon with a Restricted Entitlement" works. I didn't realize things were so "locked down" these days that even a simple binary residing in /opt/local or /usr/local requires a signature.


Works great now. Thanks to all for your helpful replies!
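
The two kinds of log line quoted in the question pair up by process id. The following is an added example, not code from any poster in this thread, that correlates them so each blocked path is listed with the code-signature load error that preceded the denial. The sample input is constructed from the lines in the question; the function name and report layout are assumptions.

```python
import re

# Constructed sample: the four log lines quoted in the question, in order.
SAMPLE_LOG = """\
proc 20514: load code signature error 2 for file "simprefix"
ASP: Security policy would not allow process: 20514, /usr/local/bin/simprefix
proc 20598: load code signature error 2 for file "simprefix"
ASP: Security policy would not allow process: 20598, /opt/local/bin/simprefix
"""

# search() is used below so a timestamp or process prefix on the line is tolerated.
SIG_ERR = re.compile(r'proc (\d+): load code signature error (\d+) for file "([^"]+)"')
DENIED = re.compile(r'ASP: Security policy would not allow process: (\d+), (.+?)\s*$')


def blocked_executables(log_text):
    """Return {path: {"pids": [...], "sig_errors": [...]}} for every denial.

    A denial with no earlier signature error for the same pid keeps an empty
    "sig_errors" list, which points at a cause other than signature loading.
    """
    pending = {}  # pid -> signature error code seen for that pid
    report = {}
    for line in log_text.splitlines():
        m = SIG_ERR.search(line)
        if m:
            pending[m.group(1)] = int(m.group(2))
            continue
        m = DENIED.search(line)
        if m:
            pid, path = m.group(1), m.group(2)
            entry = report.setdefault(path, {"pids": [], "sig_errors": set()})
            entry["pids"].append(int(pid))
            code = pending.pop(pid, None)
            if code is not None:
                entry["sig_errors"].add(code)
    # Sets become sorted lists so the report is stable and easy to compare.
    for entry in report.values():
        entry["sig_errors"] = sorted(entry["sig_errors"])
    return report


if __name__ == "__main__":
    for path, info in sorted(blocked_executables(SAMPLE_LOG).items()):
        print(path, "pids:", info["pids"], "signature errors:", info["sig_errors"])
```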
