MacOS – El Capitan: will System Integrity Protection defence stop sandbox program from accessing System.log

Tags: macos, security

OS X El Capitan apparently has this new security feature known as System Integrity Protection, which limits root access to an array of files including: /system, /bin, /sbin, /usr, /etc, /tmp and /var.

I have a program I developed which accesses the file system.log located in the /var/log/ directory.

My question is:

  • Will my program (running in the sandbox) be able to access the file /var/log/system.log with the 'System Integrity Protection' system running?

Thanks in advance.

Best Answer

Will my program (running in the sandbox) be able to access the file /var/log/system.log with the 'System Integrity Protection' system running?

Yes, a sandboxed application will be able to access /var/log/system.log on OS X with System Integrity Protection (SIP) enabled.

/var is Not Protected

The /var folder is not protected by SIP. As of OS X 10.11, only the following locations are protected:

Paths and applications protected by System Integrity Protection include:

  • /System
  • /usr
  • /bin
  • /sbin
  • Apps that are pre-installed with OS X

Paths and applications that third-party apps and installers can write to include:

  • /Applications
  • /Library
  • /usr/local

See Apple's developer documentation on System Integrity Protection for more details.
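To check the answer's claim on a real machine rather than taking the path list on faith, here is an added example script (not code from the question or the answer): it classifies a path against the protected prefixes listed above, and on macOS compares that with the `restricted` file flag that `ls -lO` prints for SIP-protected files and with `csrutil status`. The function names are my own; the flag and status checks report "unknown" on other systems.

```shell
#!/bin/sh
# Classify a path against the SIP-protected locations listed in the answer
# (/System, /usr, /bin, /sbin) with the /usr/local carve-out. Returns 0 when
# the path falls under a protected prefix, 1 otherwise. Pure string logic.
sip_protected_path() {
    p=${1%/}   # drop a trailing slash so "/usr/" and "/usr" compare alike
    case "$p" in
        /usr/local|/usr/local/*) return 1 ;;   # writable by third-party installers
        /System|/System/*|/usr|/usr/*|/bin|/bin/*|/sbin|/sbin/*) return 0 ;;
        *) return 1 ;;                          # /var, /etc, /tmp, /Library, ...
    esac
}

# On macOS the authoritative check is the "restricted" file flag that SIP sets;
# BSD ls shows it with -O in long listing. Prints restricted|unrestricted|unknown.
sip_restricted_flag() {
    [ "$(uname -s)" = "Darwin" ] || { echo unknown; return 0; }
    if ls -ldO "$1" 2>/dev/null | grep -q 'restricted'; then
        echo restricted
    else
        echo unrestricted
    fi
}

# Whether SIP is enabled at all; csrutil is macOS-only, so "unknown" elsewhere.
sip_status() {
    [ "$(uname -s)" = "Darwin" ] || { echo unknown; return 0; }
    if csrutil status 2>/dev/null | grep -q 'enabled'; then
        echo enabled
    else
        echo disabled
    fi
}

# Usage: compare the prefix rule with the live flag for the paths discussed above.
echo "SIP status: $(sip_status)"
for path in /var/log/system.log /System/Library /usr/bin/ls /usr/local/bin; do
    if sip_protected_path "$path"; then rule=protected; else rule=not-protected; fi
    printf '%-22s rule=%-14s flag=%s\n' "$path" "$rule" "$(sip_restricted_flag "$path")"
done
```

On a SIP-enabled El Capitan machine the flag column should agree with the rule column; a disagreement means the prefix list, not the flag, is what is out of date.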