General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

We're seeing limitations in host -> macOS VM changes syncing. Were using Anka, but we've also tried others. We're actually doing the exact implementation that others (the ones we found that are open source) do. Here is a breakdown of what's supported: Operation Direction Supported Notes Create new file/folder Host → Guest ✅ Yes New paths appear in the guest Create new file/folder Guest → Host ✅ Yes New paths appear on the host Read existing contents Host → Guest ✅ Yes Contents present at mount time are visible Modify file in place Guest → Host ✅ Yes Guest edits are written through to the host Modify file in place Host → Guest ❌ No Guest keeps stale contents for already-accessed files (macOS virtiofs caching) Delete file/folder Guest → Host ✅ Yes Removal is reflected on the host Delete file/folder Host → Guest ❌ No Guest still sees the path after the host deletes it (cached) Replace via temp + rename() (atomic) Host → Guest ✅ Yes New inode/dentry; recommended way to update files from the host We're requesting a way to disable caching and/or allow the unsupported actions in the table to be supported. https://feedbackassistant.apple.com/feedback/22905515

We are investigating an intermittent package installation failure on macOS Tahoe 26.5 and are trying to understand the conditions under which PackageKit may return the following errors during an upgrade installation: PKInstallErrorDomain Code=120 NSPOSIXErrorDomain Code=1 ("Operation not permitted") The package successfully passes validation and authorization, and pre-install scripts complete successfully. The failure occurs during the final PackageKit commit phase when PackageKit attempts to move/relink content from the installer sandbox to the destination volume. Relevant log snippets: PackageKit: Shoving /Root to / Error relinking file (primary): .../Contents/_CodeSignature/CodeResources failed _relinkFile(...) Operation not permitted PackageKit: Install Failed: Error Domain=PKInstallErrorDomain Code=120 NSUnderlyingError: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" The issue is intermittent and only affects a subset of systems. The same package installs successfully on many machines running the same macOS version. Has anyone encountered similar _relinkFile / CodeResources failures during package upgrades? In particular, we are interested in understanding: Common causes of NSPOSIXErrorDomain Code=1 during PackageKit relink operations. Whether existing signed application bundle metadata (CodeResources) can cause relink failures during upgrades. Any Installer or PackageKit changes in recent Tahoe releases that could affect bundle replacement during package installation. Any insights would be appreciated.

What I'm building An FSUnaryFileSystem that projects a large, read-mostly tree of existing on-disk files into a sandbox namespace — a build sandbox that lays out an action's declared inputs and points outputs at host scratch. This is squarely the "replace a third-party kext (macFUSE-style) with FSKit" use case, and it's a projection/overlay filesystem: nearly every file the volume serves is just a view of a regular file that already exists on a local APFS volume. The problem For file content, the only available path for a file-backed (non-block-device) volume is FSVolumeReadWriteOperations — every read that misses UBC is an XPC round-trip into my extension, where I memcpy from the backing file into the kernel buffer. The kernel already has, or could trivially open, the backing file; instead each page-in becomes: pagein → IPC → extension read → copy → return. FSVolumeKernelOffloadedIOOperations looks like the intended fast path, but it's built around FSBlockDeviceResource — i.e. it assumes the volume is backed by a block device the kernel can do extent I/O against. A projection over regular files has no block device, so there's no way to say "this item is backed by host file X — kernel, please do I/O directly against X and skip my process." What I measured In one representative build action my volume serves ~440 files and the kernel issues ~630 read RPCs (cold). A real build runs thousands of such actions, so this is on the order of millions of round-trips and buffer copies per build, for data that is already sitting in the host page cache. UBC absorbs repeats, but cold reads, cache eviction under memory pressure, and large sequential reads all pay the full RPC+copy cost. It dominates the I/O profile. The ask A passthrough/offload API for file-backed volumes: let the extension associate an FSItem with a backing file descriptor (or vnode) and have the kernel perform reads — and optionally writes — directly against the backing file, bypassing the userspace round-trip. Per-item, opt-in, and read-only-only would already be a huge win for projection/overlay workloads. This is exactly the model that already exists on other platforms: Linux FUSE passthrough (FUSE_PASSTHROUGH, backing-id via FUSE_DEV_IOC_BACKING_OPEN, mainline since 6.9): a FUSE daemon registers a backing fd and the kernel routes I/O straight to it. Windows Projected File System (ProjFS): content is hydrated/served from a provider-supplied source without a per-read user-space hop. FSKit is positioned as the supported replacement for kext-based filesystems, and projection/overlay/caching filesystems are a primary motivation for it — yet those are precisely the volumes that need zero-copy passthrough to be viable at scale. The block-device offload path covers disk-image-style filesystems; the gap is the file-backed case.

I'm trying to implement a VM snapshot & resume feature in a VM manager app. For some reason, both saveMachineStateTo and restoreMachineStateFrom to save machine memory to a file and restore saved vzstate/memory back for a VM is taking a lot of time on my system (XCode 26.3, macOS 15.7.7). The test VM has only sizes in the range of 4-8GB RAM. Any tips or tricky to speed it up, for example, do like a CoW on the RAM so VM can be briefly paused and quickly resumed after while streaming the RAM in background? Or, any other ways for example for RAM compression, dirty-page tracking, or live/background RAM streaming to a file? Or, to instrument and dig deeper, what's taking time? Thank you.

Hi there, I have an SwiftUI app that opens a user selected audio file (wave). For each audio file an additional file exists containing events that were extracted from the audio file. This additional file has the same filename and uses the extension bcCalls. I load the audio file using FileImporter view modifier and within access the audio file with a security scoped bookmark. That works well. After loading the audio I create a CallsSidecar NSFilePresenter with the url of the audio file. I make the presenter known to the NSFileCoordinator and upon this add it to the FileCoordinator. This fails with NSFileSandboxingRequestRelatedItemExtension: Failed to issue extension for; Error Domain=NSPOSIXErrorDomain Code=3 "No such process" My Info.plist contains an entry for the document with NSIsRelatedItemType set to YES I am using this kind of FilePresenter code in various live apps developed some years ago. Now when starting from scratch on a fresh macOS26 system with most current Xcode I do not manage to get it running. Any ideas welcome! Here is the code: struct ContentView: View { @State private var sonaImg: CGImage? @State private var calls: Array<CallMeasurements> = Array() @State private var soundContainer: BatSoundContainer? @State private var importPresented: Bool = false var body: some View { VStack { Image(systemName: "globe") .imageScale(.large) .foregroundStyle(.tint) Text("Hello, world!") if self.sonaImg != nil { Image(self.sonaImg!, scale: 1.0, orientation: .left, label: Text("Sonagram")) } if !(self.calls.isEmpty) { List(calls) {aCall in Text("\(aCall.callNumber)") } } Button("Load sound file") { importPresented.toggle() } } .fileImporter(isPresented: $importPresented, allowedContentTypes: [.audio, UTType(filenameExtension: "raw")!], onCompletion: { result in switch result { case .success(let url): let gotAccess = url.startAccessingSecurityScopedResource() if !gotAccess { return } if let soundContainer = try? BatSoundContainer(with: url) { self.soundContainer = soundContainer self.sonaImg = soundContainer.overviewSonagram(expectedWidth: 800) let callsSidecar = CallsSidecar(withSoundURL: url) let data = callsSidecar.readData() print(data) } url.stopAccessingSecurityScopedResource() case .failure(let error): // handle error print(error) } }) .padding() } } The file presenter according to the WWDC 19 example: class CallsSidecar: NSObject, NSFilePresenter { lazy var presentedItemOperationQueue = OperationQueue.main var primaryPresentedItemURL: URL? var presentedItemURL: URL? init(withSoundURL audioURL: URL) { primaryPresentedItemURL = audioURL presentedItemURL = audioURL.deletingPathExtension().appendingPathExtension("bcCalls") } func readData() -> Data? { var data: Data? var error: NSError? NSFileCoordinator.addFilePresenter(self) let coordinator = NSFileCoordinator.init(filePresenter: self) NSFileCoordinator.addFilePresenter(self) coordinator.coordinate(readingItemAt: presentedItemURL!, options: [], error: &error) { url in data = try! Data.init(contentsOf: url) } return data } } And from Info.plist <key>CFBundleDocumentTypes</key> <array> <dict> <key>CFBundleTypeExtensions</key> <array> <string>bcCalls</string> </array> <key>CFBundleTypeName</key> <string>bcCalls document</string> <key>CFBundleTypeRole</key> <string>None</string> <key>LSHandlerRank</key> <string>Alternate</string> <key>LSItemContentTypes</key> <array> <string>com.apple.property-list</string> </array> <key>LSTypeIsPackage</key> <false/> <key>NSIsRelatedItemType</key> <true/> </dict> <dict> <key>CFBundleTypeExtensions</key> <array> <string>wav</string> <string>wave</string> </array> <key>CFBundleTypeName</key> <string>Windows wave</string> <key>CFBundleTypeRole</key> <string>Editor</string> <key>LSHandlerRank</key> <string>Alternate</string> <key>LSItemContentTypes</key> <array> <string>com.microsoft.waveform-audio</string> </array> <key>LSTypeIsPackage</key> <integer>0</integer> <key>NSDocumentClass</key> <string></string> </dict> </array> Note that BatSoundContainer is a custom class for loading audio of various undocumented formats as well as wave, Flac etc. and this is working well displaying a sonogram of the audio. Thx, Volker

I updated my OS to Tahoe 26.5 several days ago. Now, I'm developing a new macOS application under it. What I notice about it is that it can take the application at several seconds to select a file or a folder with NSSavePanel, NSOpenPanel and .fileImporter. First, I thought it's just my application. But it's not. Preview acts the same. First, a progress wheel keeps rolling several seconds. Then it will disappear, and you won't be able to select a folder for another several seconds. Why do they make it more difficult to use every time they release a new OS version? Why don't Reviewers notice when they test it? Wait for 10 seconds or more just to select a file or a folder? It's disappointing. I wish I could go back to macOS 15.7.

We are working on an HCE application following your documentation. Almost everything is working fine except that we encounter a crash when using CardSession.init() method. We are calling CardSession.isEligible() before CardSession.init(). This crash is random and affects very few user and we did not find a way yet to reproduce this crash on our side. Our theory is CardSession.isEligible() is doing thing under the hood and make CardSession.init() cause a crash, but that just our theory. Here are some stacks : CoreNFC/NFCCardSession.swift:431: Fatal error: Previous session exists 0 libswiftCore.dylib   0x000000019ed73800 _assertionFailure(_:_:file:line:flags:) + 168 (AssertCommon.swift:171) 1 CoreNFC   0x000000025b99f630 NFCCardSession.startSession() + 296 (NFCCardSession.swift:431) 2 CoreNFC   0x000000025b994771 CardSession.begin() + 1 (CardSession.swift:337) 3 CoreNFC   0x000000025b99427d CardSession.init() + 1 (CardSession.swift:320) 4 Paiement Mobile   0x000000010197f345 HceNativeSDK.startCardSession() + 1

Installing ZFSFSKit.appex ? /Library/ExtensionKit/Extensions/ Substituting real Mach-O (libtool wrapper ? .libs/ZFSFSKit) Installing zfs.fs ? /Library/Filesystems/ mount_zfs: Mach-O 64-bit executable arm64 Done. Signing (before pluginkit, so it sees a valid signature)... Re-signing /Library/ExtensionKit/Extensions/ZFSFSKit.appex ad-hoc (no identity). Note: requires amfi_get_out_of_my_way=1 in boot-args. Team ID: ADHOC /Library/ExtensionKit/Extensions/ZFSFSKit.appex: replacing existing signature Done. Signature: Identifier=org.openzfsonosx.filesystems.zfs.fsext Signature=adhoc TeamIdentifier=not set Entitlements: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.application-identifier</key><string>ADHOC.org.openzfsonosx.filesystems.zfs.fsext</string><key>com.apple.developer.fskit.fsmodule</key><true/><key>com.apple.developer.team-identifier</key><string>ADHOC</string><key>com.apple.security.app-sandbox</key><true/></dict></plist> Registering with pluginkit... pluginkit -a done. Restarting fskitd... # sudo pluginkit -v -m -p com.apple.fskit.fsmodule + org.openzfsonosx.filesystems.zfs.fsext((null)) 6A12A41280FB-4190-B957-FA94DC89BB1E 2026-05-29 01:17:58 +0000 /Library/ExtensionKit/Extensions/ZFSFSKit.appex # sudo mkdir /Volumes/tank # sudo mount -F -t zfs /dev/disk4 /Volumes/tank # ls -la /Volumes/tank total 3 drwxr-xr-x 3 lundman staff 4 May 29 09:21 . drwxr-xr-x 4 root wheel 128 May 29 10:18 .. -rw-r--r-- 1 lundman staff 11 May 29 09:21 file.txt drwxr-xr-x 2 lundman staff 2 May 29 09:21 HelloWorld # cat /Volumes/tank/file.txt HelloWorld Even though FSKit isn't quite ready, I built a proof-of-concept FSKit extension to understand what the migration path looks like. This post shares what we got working, specific technical findings that weren't documented, and the gaps we hit that would need Apple's attention for a production implementation. Luckily, OpenZFS already compiles in userland for the "zdb" utility so not much work was required on that side. There were certain amount of desperation applied when we came across hurdles, so possibly some assumptions we formed are not correct. (We didn't go back and confirm the problem after it started working).

Hi, we're only seeing 15.6.1 IPSW available for VMs. Where can we find latest and secure versions of macOS IPSW on https://updates.cdn-apple.com/*/fullrestores/ ? Is there an official list somewhere that Apple provides? We need to be sure we can create the latest 15.7.7 VMs with automation and not rely on inner VM upgrades of MacOS.

I have an app with a system network extension. After app upgrade some customers experience broken XPC that they fix by restarting the computer. The app cannot recover by re-launching the tunnel or retrying xpc after 3 seconds. I do OSSystemExtensionRequest.activationRequest on app start and actionForReplacingExtension has .replace. I haven't experienced this before and I don't think I've changed anything, so perhaps macOS 26 has changed xpc handling. Current fix proposal is to deactivate&activate the sysext when vpn is connected, but xpc fails to connect. It's better than computer restart, but it's still not a nice user experience, because user action is required to reenable the sysext. Do you have better ideas? The system logs below show failed xpc connection after upgrade 2026-05-21 12:09:43.017192-0700 0x5b640 Default 0x0 1 0 launchd: [system:] service inactive: NetworkExtension.com.company.macos.stg.tunnelprovider.2026.124.124909 2026-05-21 12:09:43.132350-0700 0x5b7f5 Default 0x0 1 0 launchd: [system/NetworkExtension.com.company.macos.stg.tunnelprovider.2026.124.124909 [78132]:] Successfully spawned com.company.macos.stg.tunnelprovider[78132] because xpc event 2026-05-21 12:09:43.192084-0700 0x5bd02 Default 0x0 78132 0 com.company.macos.stg.tunnelprovider: (libxpc.dylib) [com.apple.xpc:connection] [0x103b01f70] activating connection: mach=true listener=true peer=false name=6GX8KVTR9H.com.company.stg.service 2026-05-21 12:09:43.195957-0700 0x5b640 Default 0x0 1 0 launchd: [system:] failed lookup: name = com.apple.pasteboard.1, requestor = com.company.ma[78132], error = 3: No such process 2026-05-21 12:09:43.246588-0700 0x5b640 Default 0x0 1 0 launchd: [system:] failed lookup: name = com.apple.securityd.xpc, requestor = com.company.ma[78132], error = 3: No such process 2026-05-21 12:09:43.994210-0700 0x5b47a Default 0x0 1 0 launchd: [gui/501 [100025]:] service inactive: application.com.company.macos.stg.155106945.155106951 2026-05-21 12:09:43.996937-0700 0x5b47a Default 0x0 1 0 launchd: [gui/501 [100025]:] removing service: application.com.company.macos.stg.155106945.155106951 2026-05-21 12:09:50.175890-0700 0x5be9d Default 0x0 78205 0 Company Stg: (libxpc.dylib) [com.apple.xpc:connection] [0xc32c92080] activating connection: mach=true listener=false peer=false name=com.company.macos.stg-spks 2026-05-21 12:09:50.175937-0700 0x5b7f5 Default 0x0 1 0 launchd: [gui/501 [100025]:] failed lookup: name = com.company.macos.stg-spks, requestor = Company Stg[78205], error = 3: No such process 2026-05-21 12:09:50.602809-0700 0x5b7f5 Default 0x0 1 0 launchd: [system/NetworkExtension.com.company.macos.stg.tunnelprovider.2026.140.125099:] The endpoint "6GX8KVTR9H.com.company.stg.service" defined in plist already exists and is owned by: NetworkExtension.com.company.macos.stg.tunnelprovider.2026.124.124909 2026-05-21 12:09:50.605301-0700 0x5b7f5 Default 0x0 1 0 launchd: [system:] service inactive: NetworkExtension.com.company.macos.stg.tunnelprovider.2026.124.124909 2026-05-21 12:09:50.605302-0700 0x5b7f5 Default 0x0 1 0 launchd: [system:] removing service: NetworkExtension.com.company.macos.stg.tunnelprovider.2026.124.124909 2026-05-21 12:09:50.662682-0700 0x5b47a Default 0x0 1 0 launchd: [system/NetworkExtension.com.company.macos.stg.tunnelprovider.2026.140.125099 [78238]:] Successfully spawned com.company.macos.stg.tunnelprovider[78238] because xpc event 2026-05-21 12:09:52.396190-0700 0x5bfd6 Default 0x0 78238 0 com.company.macos.stg.tunnelprovider: (libxpc.dylib) [com.apple.xpc:connection] [0x103839c60] activating connection: mach=true listener=true peer=false name=6GX8KVTR9H.com.company.stg.service 2026-05-21 12:09:52.396217-0700 0x5bfcf Default 0x0 1 0 launchd: [system:] failed activation: name = 6GX8KVTR9H.com.company.stg.service, flags = 0x0, requestor = com.company.ma[78238], error = 1: Operation not permitted 2026-05-21 12:09:52.399064-0700 0x5b47a Default 0x0 1 0 launchd: [system:] failed lookup: name = com.apple.pasteboard.1, requestor = com.company.ma[78238], error = 3: No such process 2026-05-21 12:09:52.450706-0700 0x5bfcf Default 0x0 1 0 launchd: [system:] failed lookup: name = com.apple.securityd.xpc, requestor = com.company.ma[78238], error = 3: No such process 2026-05-21 12:09:52.607836-0700 0x5be9d Default 0x0 78205 0 Company Stg: (libxpc.dylib) [com.apple.xpc:connection] [0xc3295d7c0] activating connection: mach=true listener=false peer=false name=6GX8KVTR9H.com.company.stg.service 2026-05-21 12:09:52.607964-0700 0x5b47a Default 0x0 1 0 launchd: [system:] failed lookup: name = 6GX8KVTR9H.com.company.stg.service, flags = 0x8, requestor = Company Stg[78205], error = 3: No such process 2026-05-21 12:09:55.610528-0700 0x5be9d Default 0x0 78205 0 Company Stg: (libxpc.dylib) [com.apple.xpc:connection] [0xc3295de00] activating connection: mach=true listener=false peer=false name=6GX8KVTR9H.com.company.stg.service 2026-05-21 12:09:55.610694-0700 0x5b47a Default 0x0 1 0 launchd: [system:] failed lookup: name = 6GX8KVTR9H.com.company.stg.service, flags = 0x8, requestor = Company Stg[78205], error = 3: No such process

Hello, I filed Feedback FB22859649 about nested virtualization for macOS guests and would like to confirm the supported API surface / limitation through Developer Forums as well. We are using Virtualization.framework to run macOS guests on Apple silicon hosts. The use case is isolated macOS VM workspaces for development and AI-agent automation. In those workspaces, developers often need to run container or VM-backed tooling inside the guest, for example Apple Container workflows, Docker/Colima/Lima-style Linux VM workflows, local Kubernetes, CI sandboxes, testcontainers, or local MCP server stacks that expect hardware-assisted virtualization from inside macOS. Environment I used for the Feedback: Apple silicon host: MacBook Air with Apple M4 Host OS: macOS 26.5 build 25F71 Xcode: 26.5, macOS SDK 26.5 Guest type: macOS VM configured through Virtualization.framework with VZMacOSBootLoader and VZMacPlatformConfiguration From the current SDK headers, I see nested virtualization support exposed on VZGenericPlatformConfiguration via nestedVirtualizationSupported and nestedVirtualizationEnabled. VZMacOSBootLoader says a macOS guest must use VZMacPlatformConfiguration, and VZMacPlatformConfiguration does not appear to expose an equivalent nested virtualization property. Could Apple/DTS please confirm the intended support boundary? Is nested virtualization currently supported for macOS guests created with Virtualization.framework on Apple silicon using VZMacPlatformConfiguration? If not, should this be treated as an intentional current limitation of macOS guests / VZMacPlatformConfiguration rather than a missing configuration option? Is there a supported host-side API or validation behavior to detect this limitation before creating or starting the VM? Is there any supported workaround for container workflows inside a macOS guest that require a nested Linux VM or hypervisor, or is the recommended architecture to run those container/VM workloads on the host or in a Linux guest instead? I am not asking for roadmap or ETA. I am trying to document the correct supported behavior and avoid misleading users of macOS VM workspace tools when container or AI-agent workflows fail because the macOS guest cannot run its own virtualization backend. The broader impact is that disposable macOS VM workspaces are a strong isolation boundary for GUI automation, browser/app state, credentials, local files, and agent runtime state. Without a supported nested virtualization path, the GUI side of the workspace can run in a macOS guest, but common container-backed developer workflows have to move outside that workspace. Thank you.

Environment macOS Version: 26.1 Xcode Version: 16.2 Description I'm developing a custom file system using FSKit and have encountered an issue where the removeItem(_:named:fromDirectory:) method in my FSVolume.Operations implementation is not being invoked when attempting to delete files or directories through Finder or the command line. Implementation My volume implements the required FSVolume.Operations protocol with the following removeItem implementation: func removeItem( _ item: FSItem, named name: FSFileName, fromDirectory directory: FSItem ) async throws { logger.info("remove: \(name)") if let item = item as? MyFSItem, let directory = directory as? MyFSItem { directory.removeItem(item) } else { throw fs_errorForPOSIXError(POSIXError.EIO.rawValue) } } Steps to Reproduce Mount the custom FSKit-based file system using: mount -F -t MyFS /dev/diskX /tmp/mountpoint Create files using Finder or terminal (works correctly - createItem is called) Attempt to delete a file using any of the following methods: Terminal command: rm -rf /path/to/mounted/file option + cmd + delete to remove the file in Finder Expected Behavior The removeItem(_:named:fromDirectory:) method should be called, logging "remove: [filename]" and removing the item from the directory's children collection. Actual Behavior The removeItem method is never invoked. No logs appear from this method in Console.app. The deletion operation either fails silently or returns an error, but the callback never occurs. Additional Context Working operations: Other operations work correctly including: createItem - files and directories can be created lookupItem - items can be looked up successfully enumerateDirectory - directory listing works read and write - file I/O operations work correctly Volume state: The volume is properly mounted and accessible Files can be created, read, and written successfully Volume capabilities configured: var supportedVolumeCapabilities: FSVolume.SupportedCapabilities { let capabilities = FSVolume.SupportedCapabilities() capabilities.supportsHardLinks = true capabilities.supportsSymbolicLinks = true capabilities.supportsPersistentObjectIDs = true capabilities.doesNotSupportVolumeSizes = true capabilities.supportsHiddenFiles = true capabilities.supports64BitObjectIDs = true capabilities.caseFormat = .insensitiveCasePreserving return capabilities } Questions Are there specific volume capabilities or entitlements required for removeItem to be invoked? Is there a specific way deletion operations need to be enabled in FSKit? Could this be related to how file permissions or attributes are set during createItem? Are there any known issues with deletion operations in the current FSKit implementation? Do I need to implement additional protocols or set specific flags to support item deletion? Any guidance would be greatly appreciated. Has anyone successfully implemented deletion operations in FSKit? Thank you!

We are developing a DLP agent that uses a NETransparentProxyProvider to perform traffic inspection and modification. Our architecture currently includes: LaunchAgent, which monitors user session activity (login/logout, session activation) Container App, which: installs and activates a System Extension creates and saves the NETransparentProxyManager configuration starts the transparent proxy via startVPNTunnel. We would like to automate the startup of the Transparent Proxy for all users, including newly created users, in a way that is fully supported by macOS. We are looking for official guidance on the correct and supported mechanism for starting a user‑level Network Extension (specifically NETransparentProxyProvider) automatically at user login. Questions: What is the recommended and supported way to automatically start a NETransparentProxyProvider at user login? Are there any constraints or best practices we should follow when designing an automatic startup flow for a Network Extension such as NETransparentProxyProvider? We would appreciate official clarification on the supported deployment patterns for starting a user‑level Transparent Proxy Network Extension automatically in multi‑user enterprise environments.

I face this issue only on macOS 26 and only on the Intel architecture. I'm unable to download files from a file provider's folder when I make them read-only. STEPS TO REPRODUCE Download the sample from https://developer.apple.com/documentation/fileprovider/synchronizing-files-using-file-provider-extensions?language=objc Follow the steps on the page to configure the project. Build the project. Run it. Add a domain. Open the domain's folder in the Finder. Move a file to the domain's folder. Right-click on the file in the domain's folder and select "Remove Download". Close the Finder's window with the domain's folder and kill all the "Provider" processes to get rid of running instances of the extension. Change Item's capabilities in Item.swift to make the items read-only: var result: NSFileProviderItemCapabilities = [ .allowsContentEnumerating, .allowsReading ] Rebuild the project and run it. Open the domain's folder and try to drag and drop the file from the extension's folder to, let's say, the Desktop folder. EXPECTED RESULT The file is copied ACTUAL RESULT A dialog pops up with text "The file “filename” cannot be downloaded. Do you want to skip it?" Stop/Skip

Hello, I am working on a DLP (Data Leak Prevention) agent which must programmatically install our custom Root CA certificate into the System Keychain with the "Always Trust" policy. This is required for our network inspection module. The installation process is currently handled by a LaunchDaemon. I am using the following command: security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain The certificate is successfully added to the System Keychain, but the "Always Trust" policy is completely ignored. The certificate remains untrusted until the user manually opens System Settings and explicitly changes the trust settings. Our DLP agent is specifically designed for environment where MDM is not present and we can not rely on MDM to push profiles. Is it officially possible to set "Always Trust" for certificate programmatically from a LaunchDaemon? Thank you in advance!

Just wondering if anyone ran into this issue. I use NetFSMountURLSync for my application with which I allow the user to use a custom path as a mount point (instead of "/Volumes"). This has worked just fine for at least a decade now, but ... since the Tahoe 26.4 "update" mounting to a custom path only generates errors. Note: Mounting to "/Volumes" works correctly (mountpoint = NIL). Since I'm unaware of any changes; is this a bug introduced by Tahoe 26.4, or should I be using a different function to mount a network share?

The total physical memory of 3GB iOS devices is very tight. After system memory occupation, the available memory for third-party apps is extremely insufficient, leading to frequent OOM termination. Enabling or disabling JavaScriptCore causes a huge difference in app memory crash threshold. Without JSC, the app will crash at only 1.52GB memory usage, which severely restricts normal business running. The common 4MB and 8MB memory allocation used in our project falls into the high memory fragmentation range defined by libmalloc, resulting in the lowest memory crash limit and worst stability. Our core business relies heavily on JSC environment for JS interaction, resource rendering and dynamic logic execution. We cannot shut down JSC, but 3GB devices still face serious memory shortage even with JSC enabled. Mass users with 3GB RAM old iOS devices suffer from frequent app crashes, freeze, background kill and loading failure, which badly damage user experience and product reputation. We have finished all app-level memory optimization: adjust allocation size, optimize memory release, reduce resident memory, but still cannot break through the fixed memory crash limit. There is no effective solution on application layer. We sincerely ask Apple official engineers to provide official suggestions, system-level memory tuning solutions and JSC memory scheduling optimization guidance to solve the memory limit bottleneck on 3GB RAM iOS devices.

Hello, I am working on a DLP system for macOS. The application must analyze and potentially block network traffic. Currently, I am using NETransparentProxyProvider for traffic analysis and looking for the best solution to block network traffic. I believe the blocking can be implemented by capturing the flow and choosing not to proxy/forward it further (dropping it). However, I am unsure how the OS and other applications will react to this approach. As far as I know, macOS provides a dedicated NEFilterDataProvider (Content Filter) specifically designed for traffic filtering and blocking. I have two questions regarding the architecture: Is it safe to block flows directly using a Transparent Proxy? Will dropping/ignoring the flow without forwarding it cause any unexpected system behavior, socket hangups, or performance issues? Or is it highly recommended to strictly use a Content Filter (NEFilterDataProvider) for the blocking aspect? Can a single container app install and manage more than one Network Extension in the system? For example, if the best practice dictates separating the logic, can my single DLP macOS application bundle and install both a Transparent Proxy (for analysis/routing) and a Content Filter (for blocking) simultaneously? Thank you in advance!

I’ve developed a virtual machine manager application using the macOS Virtualization framework. The application currently supports both NAT and bridged networking configurations. I’m now looking to implement host-only networking, where the guest VM can communicate with the host but not with external networks. Is this networking mode supported by the Virtualization framework, and if so, what is the recommended approach to set it up? Additionally, I would like to implement port forwarding from the host to the guest (e.g., redirecting traffic from a specific port on the host to a port on the guest). Is there a way to configure port forwarding using the built-in APIs of the Virtualization framework, or would this require a custom networking solution? Any guidance or best practices for implementing these features within the constraints of the framework would be greatly appreciated.

I’m trying to understand the intended macOS File Provider behavior when unsynchronised local files exist inside a provider volume that gets deleted. Scenario: A local file is moved (not copied) from a normal filesystem location into a File Provider-backed cloud volume. The provider is disabled/offline or upload is pending, so the file has not yet synchronised to the cloud. The File Provider volume/domain is then deleted from Finder and the deletion is confirmed. In this situation, the unsynchronised file appears to be lost entirely instead of being moved to ~/.Trash. My question is: Why doesn’t macOS preserve unsynchronised local content by automatically moving it to Trash before removing the File Provider domain? From a user perspective, Finder presents the provider volume as a normal filesystem hierarchy, so deleting the volume feels equivalent to deleting a local folder or mounted drive, where local-only files would normally be recoverable via Trash. Is the current behavior expected because: File Provider storage is treated as provider-managed cache rather than canonical filesystem data? Finder delegates deletion semantics entirely to the provider extension? The backing files may not exist as normal files at deletion time? Or are providers expected to implement their own recovery/trash logic? More generally: Is there an Apple-recommended pattern for preventing loss of unsynchronised files during domain removal? Are providers expected to retain pending uploads somewhere recoverable? Is there any supported API for preserving unsynced local items before deleting a domain? I’m asking because this behavior can easily lead to unexpected data loss when users assume Finder trash semantics apply to File Provider volumes.