MacOS – Configure sandbox permissions

Tags: configuration, macos, permission, root, sandbox

While trying to modify a property list, I was rather surprised to receive the following error:

sh-3.2# cp com.apple.mDNSResponder.plist com.apple.mDSNResponder.plist.backup
cp: com.apple.mDSNResponder.plist.backup: Operation not permitted

and the Console has the following log entry:

10/28/15 1:12:55.886 PM sandboxd[118]: ([13463]) cp(13463) System Policy: deny file-write-create /System/Library/LaunchDaemons/com.apple.mDSNResponder.plist.backup

Which goes against the traditional UNIX paradigm of giving a user enough rope to hang themselves and a couple feet more. So my question would be, how can I configure sandbox permissions on OS X 10.11? I can't seem to find much documentation on them. Even where to store them seems ambiguous as I see them in framework bundles, in /System/Library/Sandbox/Profiles and /usr/share/sandbox.

Best Answer

That would be System Integrity Protection at work; you can find a detailed answer here.
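To tell this kind of denial apart from an ordinary per-application sandbox denial when reading the Console, the following added example (not part of the original question or answer) parses the `sandboxd` entry quoted above and reports whether it is a `System Policy` denial on a SIP-protected location. The list of protected roots and the `/usr/local` exception are assumptions based on the OS X 10.11 defaults; the names `parse_denial` and `protected_root` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Console entry quoted in the question (copied from the page).
SAMPLE = ("10/28/15 1:12:55.886 PM sandboxd[118]: ([13463]) cp(13463) "
          "System Policy: deny file-write-create "
          "/System/Library/LaunchDaemons/com.apple.mDSNResponder.plist.backup")

# Assumption: default SIP-protected roots on OS X 10.11 and their exception.
# The authoritative list on a given machine is
# /System/Library/Sandbox/rootless.conf.
PROTECTED_ROOTS = ("/System", "/usr", "/bin", "/sbin")
EXCEPTIONS = ("/usr/local",)

# "System Policy: " is optional so that other sandboxd denials still parse.
DENY_RE = re.compile(
    r"sandboxd\[\d+\]: \(\[(?P<pid>\d+)\]\) (?P<proc>\S+)\(\d+\) "
    r"(?:(?P<policy>System Policy): )?deny (?P<op>\S+) (?P<path>/.*)$")

class Denial(NamedTuple):
    pid: int
    process: str
    operation: str
    path: str
    system_policy: bool            # True when the entry says "System Policy"
    protected_root: Optional[str]  # SIP root the path falls under, if any

def _under(path: str, root: str) -> bool:
    # Component-wise match, so /usrlocal is not treated as inside /usr.
    return path == root or path.startswith(root + "/")

def protected_root(path: str) -> Optional[str]:
    if any(_under(path, e) for e in EXCEPTIONS):
        return None
    return next((r for r in PROTECTED_ROOTS if _under(path, r)), None)

def parse_denial(line: str) -> Optional[Denial]:
    m = DENY_RE.search(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return Denial(int(m.group("pid")), m.group("proc"), m.group("op"), path,
                  m.group("policy") is not None, protected_root(path))

if __name__ == "__main__":
    print(parse_denial(SAMPLE))
```

A `System Policy` denial on a path under one of these roots points at System Integrity Protection rather than at a sandbox profile; `csrutil status` reports whether SIP is enabled.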