Mark
07/25/2019, 2:31 PMMike Myers
08/07/2019, 7:12 PMMark
08/09/2019, 2:41 AMMike Myers
08/09/2019, 6:35 PMsharvil
08/13/2019, 4:51 PMauth
), the client can decide whether to allow
or deny
those — example of deny
on mount
below
• Lacking in documentation, but headers are commented and helpful
• Buggy right now, I think there might be a few race conditions in endpointsecurityd
. In some instances there is a performance drag too. And an odd kernel panic too.
• Will require codesigning and entitlements, production release will require a provisioning cert from Apple
• There are a total of 44 events currently, but subscription is capped at 16. Subscribing to more than a handful of events seriously degrades the performance of the machine and the cpu is at 99%
• Can be a firehose, the events are granular, and the challenge will be to collate theseMike Myers
08/13/2019, 6:19 PMsharvil
08/14/2019, 3:20 AMmute
APIs, which can mute by path
, path_prefix
or path_literal
. That might help a bit. Although I haven’t been able to use them — there is a known issue in beta 5
Using APIs related to muting by paths and path prefixes might cause the kernel to panic. (53517643)
Mike Myers
08/14/2019, 4:28 PM.pkg
during our releases, but that's a separate discussion