I'm trying to kill a process by a user other than myself on macOS High Sierra, but still getting an error even with sudo:
$ sudo kill 108
kill: 108: Operation not permitted
The PID does exist:
$ ps ux -p 108
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
_sentinel 108 3.6 1.5 5364180 245992 ?? Rs 23May19 149:15.88 /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sentineld
How can I diagnose why sudo kill is failing? Is it because of System Integrity Protection? If so, how do I disable the relevant attributes on the process so that sudo kill succeeds?
I'm not looking to disable SIP globally, since the process in question belongs to SentinelOne (not a core macOS pre-installed application).
Best Answer
As far as I know this is not due to SIP as such, but rather to the fact that SentinelOne includes guards against this in particular. It works by adding a kernel extension to the system, which means it can change ordinary workings of signal delivery.
You could say that the best way to kill this process is simply never to run it at all - i.e. uninstall the program.