sudo rm -rf /System/Applications/

rm: /System/Applications/ Operation not permitted

If sudo <command> results in an “Operation not permitted” error, it’s not your computer.

#Apple #monopoly #ItsNotYourComputer

PS. Dear fediverse, no need to suggest alternatives, my daily driver is a StarLabs LabTop running @elementary and I dev cross-platform/web apps that I need to test on macOS and Windows also. Thank you.

@aral Not necessarily, SELinux or AppArmor could do the same, or the absence of CAP_DAC_OVERRIDE . But yes, let's not talk about corner cases ^^

@sheogorath @aral was about to mention selinux. Of course, you have the *choice* to run selinux.


@doenietzomoeilijk Not comparable to SIP…

With SELinux, the admin can write their own SELinux policies, and managing roles, to set their system as they need… There's isn't any 3rd party forcing their policies upon your system.

Meaning if you need to do a certain task (e.g. authorising a process to access a certain directory, assigning a role to a user…), you don't have to *disable* SELinux. As the admin, you can configure SELinux to allow you to do so.

@sheogorath @aral

· · Web · 2 · 0 · 0

@doenietzomoeilijk Unlike SIP, SELinux lets the admin do legitimate tasks on their own system, without having to lose the benefits of using SELinux…

@sheogorath @aral

@devnull @sheogorath @aral oh, I'm aware of the differences, it's just that selinux can catch you off guard with not allowing sudo'd activities if it's not set up correctly (or if you're trying to do something you shouldn't).

It's definitely different from sip in other respects.

Sign in to participate in the conversation
La Quadrature du Net - Mastodon - Media Fédéré est une serveur Mastodon francophone, géré par La Quadrature du Net.