Hello, I am trying to get space which is consumed by APFS volume. The call getattrlist() works fine on macOS 15 (Apple silicon). However, it returns EINVAL on macOS 11.7.10 (Intel) if ATTR_VOL_SPACEUSED is defined. struct VolAttrBuf { u_int32_t length; off_t spaceUsed; } __attribute__((aligned(4), packed)); int64_t GetVolumeSpaceUsed(const std::string& mountPath) { struct attrlist attrList; std::memset(&attrList, 0, sizeof(attrList)); attrList.bitmapcount = ATTR_BIT_MAP_COUNT; attrList.volattr = ATTR_VOL_INFO | ATTR_VOL_SPACEUSED; VolAttrBuf attrBuf; if (getattrlist(mountPath.c_str(), &attrList, &attrBuf, sizeof(attrBuf), 0) || attrBuf.length > sizeof(attrBuf)) { std::cout << "getattrlist() failed with errno (" << errno << ")" << std::endl; return -1; } return attrBuf.spaceUsed; } Is it bug or ATTR_VOL_SPACEUSED is unsupported on macOS 11? Are there any other way to get space which is used on an APFS volume? (C++) Thank you in advance, Pavel

After uploading the app archive generated by Xcode (which passed validation), I received an email stating one or more files had the com.apple.quarantine extended file attribute and to remove the attribute before uploading the archive again. A particular PNG file was identified. In the terminal, I ran the command: xattr -d com.apple.quarantine The response was: "No such xattr: com.apple.quarantine" I also ran "xattr -rd" on the directory containing all app files. No response. The identifed PNG file at fault is a screenshot used only in the app's User Guide. It was created 5 years ago using Apple software: Ctrl-Shift-4 to capture the image, Preview to resize. Given the file does not have the quarantine extended attribute, I can only conclude that Xcode is adding the attribute when building the archive. How do I stop Xcode from adding the attribute? I have search Google with numerous search criteria and check the Apple Developer Forum, but could only find how to remove the attribute using xattr; nothing about Xcode adding the attribute when building an archive.

Hello, I am working on a daemon which collects information about disk space usage on macOS. APFS has quite complex structure and there is a challenge to get detailed info. My application must provide disk usage by APFS containers. Are there any recommended way to get space usage by particular APFS volume? Are there any recommended way to get free space on particular APFS container? Are there any recommended way to enumerate APFS containers and volumes? I am using Disk Arbitration to get APFS info. However, I get restricted info about space usage because I get get disk usage for mounted volumes only. Are there any public API (daemon-safe) which allows to easily get disk space usage on macOS? Thank you in advance, Pavel

Testing Environment: iOS 18.4.1 / macOS 15.4.1 I am working on an iOS project that aims to utilize the user's iCloud Drive documents directory to save a specific directory-based file structure. Essentially, the app would create a root directory where the user chooses in iCloud Drive, then it would populate user generated files in various levels of nested directories. I have been attempting to use NSMetadataQuery with various predicates and search scopes but haven't been able to get it to directly monitor changes to files or directories that are not in the root directory. Instead, it only monitors files or directories in the root directory, and any changes in a subdirectory are considered an update to the direct children of the root directory. Example iCloud Drive Documents (Not app's ubiquity container) User Created Root Directory (Being monitored) File A Directory A File B An insertion or deletion within Directory A would only return a notification with userInfo containing data for NSMetadataQueryUpdateChangedItemsKey relating to Directory A, and not the file or directory itself that was inserted or deleted. (Query results array also only contain the direct children.) I have tried all combinations of these search scopes and predicates with no luck: query.searchScopes = [ rootDirectoryURL, NSMetadataQueryUbiquitousDocumentsScope, NSMetadataQueryAccessibleUbiquitousExternalDocumentsScope, ] NSPredicate(value: true) NSPredicate(format: "%K LIKE '*.md'", NSMetadataItemFSNameKey) NSPredicate(format: "%K BEGINSWITH %@", NSMetadataItemPathKey, url.path(percentEncoded: false)) I do see these warnings in the console upon starting my query: [CRIT] UNREACHABLE: failed to get container URL for com.apple.CloudDocs [ERROR] couldn't fetch remote operation IDs: NSError: Cocoa 257 "The file couldn’t be opened because you don’t have permission to view it." "Error returned from daemon: Error Domain=com.apple.accounts Code=7 "(null)"" But I am not sure what to make of that, since it does act normally for finding updates in the root directory. Hopefully this isn't a limitation of the API, as the only alternative I could think of would be to have multiple queries running for each nested directory that I needed updates for.

Hi, I'm working with the new FSKit framework and have successfully implemented a custom file system using FSUnaryFileSystem. Mounting the file system via Terminal works perfectly — I can create, delete, and browse files and directories as expected. Since /Volumes is protected on modern macOS systems, I cannot mount my file system there directly. Instead, I mount it into a different writable directory (e.g., /tmp/MyFS) and then create a symbolic link to it in a user-visible location such as ~/Downloads/MyFS. Finder does see the symlink and displays it with a "Volume" icon, but clicking it results in an error — it cannot be opened. It seems like Finder does not treat the symlinked mount as a fully functional volume. Is there a proper way to register or announce a FSKit-mounted file system so that Finder lists it as a real volume and allows access to it? Are there additional steps (APIs, notifications, entitlements, or Info.plist keys) required to integrate with Finder? Any insight would be greatly appreciated. Thanks!

Recently, some feedback has been received. After users upgrade to ipados 17.7.7 and return to the login status and restart the App, it will become invalid. We checked the log and found that the content stored in NSUserdefault would be lost after restarting the App. Has anyone encountered this problem?

Hi All, I am looking for a terminal command to get the exact same output as the file count you recieve when using Get Info in finder. The closest i can get is using the find command with flags: find 'path/to/folder' -not -path '*/\.*' -and -not -path '*\.key/*' -and -not -path '*\.numbers/*' -and -not -path '*\.pages/*' -and -not -path '*__MACOSX/*' -and -not -path '*\.pdf/*' -and -not -path '*\.app/*' -and -not -path '*\.rtfd/*' | wc -l I will be searching on an external volume that sometimes produces keynote save files that finder sometimes sees as a package and sometimes sees as a folder. If a folder finder counts the items contained if a package it doesn't, I need the command or script to mimic this behaviour. In the example of the screenshot get info on the top folder produces a count of 14 and the find command produces a count of 23. There are also other behaviours that differ the file count between them but i'm not sure what causes them. Any help on a solution it being a command or script would be much apreciated. Thanks, James

I found the live activity process cannot write to the app group and FileManger, can only read the app group. When I write using FileManager in a live activity process, the console prompts me with a permission error. When I write using UserDefault(suit:) in the live activity process, I read a null value in the main app. Is this the case for real-time event design? I haven’t seen any documentation mentioning this. Does anyone know, thank you very much.

How do I gain access to the Documents folder? Under targets, "signing and capabilities", App Sandbox, I can see the Music folder, Desktop... but not Documents.

Hello everyone, I’m working on an iOS app that uses the new DeviceActivity framework to monitor and report user screen‐time in an extension (DeviceActivityReportExtension). I need to persist my processed screen‐time data into a standalone SQLite database inside the extension, but I’m running into issues opening and writing to the database file. Here’s what I’ve tried so far: import UIKit import DeviceActivity import SQLite3 class DeviceActivityReportExtension: DeviceActivityReportExtension { private var db: OpaquePointer? override func didReceive(_ report: DeviceActivityReport) async { // 1. Construct path in app container: let containerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "group.com.mycompany.myapp") let dbURL = containerURL?.appendingPathComponent("ScreenTimeReports.db") // 2. Open database: if sqlite3_open(dbURL?.path, &amp;db) != SQLITE_OK { print("❌ Unable to open database at \(dbURL?.path ?? "unknown path")") return } defer { sqlite3_close(db) } // 3. Create table if needed: let createSQL = """ CREATE TABLE IF NOT EXISTS reports ( id INTEGER PRIMARY KEY AUTOINCREMENT, date TEXT, totalScreenTime DOUBLE ); """ if sqlite3_exec(db, createSQL, nil, nil, nil) != SQLITE_OK { print("❌ Could not create table: \(String(cString: sqlite3_errmsg(db)))") return } // 4. Insert data: let insertSQL = "INSERT INTO reports (date, totalScreenTime) VALUES (?, ?);" var stmt: OpaquePointer? if sqlite3_prepare_v2(db, insertSQL, -1, &amp;stmt, nil) == SQLITE_OK { sqlite3_bind_text(stmt, 1, report.date.description, -1, nil) sqlite3_bind_double(stmt, 2, report.totalActivityDuration) if sqlite3_step(stmt) != SQLITE_DONE { print("❌ Insert failed: \(String(cString: sqlite3_errmsg(db)))") } } sqlite3_finalize(stmt) } } However: Path issues: The extension’s sandbox is separate from the app’s. I’m not sure if I can use the same App Group container, or if there’s a better location for an on‐extension database. Entitlements: I’ve added the App Group (group.com.mycompany.myapp) to both the main app and the extension, but the file never appears, and I still get “unable to open database” errors. My questions are: How do I correctly construct a file URL for an SQLite file in a DeviceActivityReportExtension? Is SQLite the recommended approach here, or is there a more “Apple-approved” pattern for writing data from a DeviceActivity extension? Any sample code snippets, pointers to relevant Apple documentation, or alternative approaches would be greatly appreciated!

Will the ES_EVENT_TYPE_NOTIFY_OPEN event be called back when the user has already returned es_respond_flags_result(client, msg, 0, false) in ES_EVENT_TYPE_AUTH_OPEN? I believe the ES_EVENT_TYPE_NOTIFY_OPEN event should not be triggered if the user has already denied the open operation in the ES_EVENT_TYPE_AUTH_OPEN response handler. However, during my testing, ES_EVENT_TYPE_NOTIFY_OPEN was still being called even after I blocked the open process. Is this behavior correct?

Hi all, I have repeatedly the issue that a certain .strings file in my app's bundle has the extended files attribute com.apple.quarantine set. Consequently the submission fails with the following mail notification: We noticed one or more issues with a recent delivery for the following app: [...] ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute, such as “abcdef.strings”. This attribute isn’t permitted in macOS apps distributed on TestFlight or the App Store. Please remove the attribute from all files within your app and upload again. I'm able to resubmit the bundle after cleaning the file attribute via xattr -d -r com.apple.quarantine..., but the funny thing is it happens again and again - on a .strings file which hasn't been downloaded (but manually created), shouldn't be under Gatekeeper's quarantine, and wasn't edited in the meantime. Is anybody else observing the same issue with macOS 15.4.1, Xcode 16.3? Greetings, Matthias

The URL directory obtained by UIDocumentPickerVieweController can be read and written in the directory after calling startAccessingDecurityScopeResource. However, after restarting the app, if the URL saved in the package is called startAccessingDecurityScopeResource again and returns NO, UIDocumentPickerVieweController must be called again to retrieve the URL, and then startAccessingDecurityScopeResource must be called again before continuing the operation. This is too troublesome. Is there a way to continue reading and writing operations in the URL directory after restarting the app?

I am developing a background application that acts as a metadata server under MacOS written in Swift. Sandboxed clients prompt the user to select URLs which are passed to the server as security scoped bookmarks via an App Group and the metadata will be passed back. I don't want the I/O overhead of passing the complete image file data to the server. All the variations I have tried of creating security scoped bookmarks in the client and reading them from the server fail with error messages such as "The file couldn’t be opened because it isn’t in the correct format." Can anyone guide me in the right direction or is this just not possible?

I'm working on a build system similar to Bazel where each build action runs in a sandbox. The sandbox contains only the files that the user defined as input to ensure that the build action doesn't have any implicit dependencies. Bazel achieves this by creating a "symlink forest" to the original source files. This works, but I have observed fseventsd using significant CPU during a Bazel build, presumably because of all the symlinks that get created. Is there a way to disable file events for a directory or a volume? The "File System Events Programming Guide" in the Documentation Archive mentions placing an empty file named no_log in the .fseventsd directory at the root of the volume, but when testing on macOS 15.5 with APFS that appears to no longer work. Related, is a "symlink forest" the best way to create a sandbox like this? Or is there a different method one can use to provide a view of a subset of the files in a directory tree? I read up on the App Sandbox but that seems too coarse grained. Something like Linux's overlayfs would work well, and maybe one can achieve a similar functionality with firmlinks? Curious about folks thoughts here. Thanks in advance!

We are experimenting with FileProvider on MacOS, we want to set ACL policy restriction on a folder and the same policy needs to be applied down to its children. To achieve this currently we are setting corresponding NSFileProviderItemCapabilities on parent folder and recursively iterate over all of its children and set the capability on each individual child items. GOAL: We expect the root's ACL policy to be implicitly percolated down to its children without explicitly being iterated over them and setting it individually. From our research, we couldn't find any policy that can help us achieve the above goal. If there are any such provisions in FileProvider, please guide us to them.

In my app the user can select a source folder to be synced with a destination folder. The sync can also happen in response to a change in the source folder detected with FSEventStreamCreate. If the user unzips an archive in the source folder and the sync process begins before the unzip operation has completed, the sync can fail because of a "Permission denied" error. I assume this is related to the posix permissions of the extracted folder being 420 during the unzip operation and (in my case) 511 afterwards. Is there a way to detect than an unzip operation is in progress and wait until it has completed? I thought that using NSFileCoordinator would solve this issue, but unfortunately it's not the case. Since an unzip operation can last any amount of time, it's not ideal to just delay a sync by a fixed number of seconds and let the user deal with any error if the unzip operation takes longer. let openPanel = NSOpenPanel() openPanel.canChooseDirectories = true if openPanel.runModal() == .cancel { return } let url = openPanel.urls[0].appendingPathComponent("extracted", isDirectory: false) var error: NSError? NSFileCoordinator(filePresenter: nil).coordinate(readingItemAt: url, error: &error) { url in do { print(try FileManager.default.attributesOfItem(atPath: url.path).sorted(by: { $0.key.rawValue < $1.key.rawValue }).map({ ($0.key.rawValue, $0.value) })) try FileManager.default.contentsOfDirectory(at: url, includingPropertiesForKeys: nil) } catch { print(error) } } if let error = error { print("file coordinator error:", error) }

I've gotten to the point where I can use the mount(8) command line tool and the -t option to mount a file system using my FSKit file system extension, in which case I can see a process for my extension launch, probe, and perform the other necessary actions. However, when plugging in my USB flash drive or trying to mount with diskutil mount, the file system does not mount: $ diskutil mount disk20s3 Volume on disk20s3 failed to mount If you think the volume is supported but damaged, try the "readOnly" option $ diskutil mount readOnly disk20s3 Volume on disk20s3 failed to mount If you think the volume is supported but damaged, try the "readOnly" option Initially I thought it would be enough to just implement probeExtension(resource:replyHandler:) and the system would handle the rest, but this doesn't seem to be the case. Even a trivial implementation that always returns .usable doesn't cause the system to use my FSModule, even though I've enabled my extension in System Settings > General > Login Items & Extensions > File System Extensions. From looking at some of the open source msdos and Disk Arb code, it seems like my app extension needs to list FSMediaTypes to probe. I eventually tried putting this in my Info.plist of the app extension: <key>FSMediaTypes</key> <dict> <key>EBD0A0A2-B9E5-4433-87C0-68B6B72699C7</key> <dict> <key>FSMediaProperties</key> <dict> <key>Content Hint</key> <string>EBD0A0A2-B9E5-4433-87C0-68B6B72699C7</string> <key>Leaf</key> <true/> </dict> </dict> <key>0FC63DAF-8483-4772-8E79-3D69D8477DE4</key> <dict> <key>FSMediaProperties</key> <dict> <key>Content Hint</key> <string>0FC63DAF-8483-4772-8E79-3D69D8477DE4</string> <key>Leaf</key> <true/> </dict> </dict> <key>Whole</key> <dict> <key>FSMediaProperties</key> <dict> <key>Leaf</key> <true/> <key>Whole</key> <true/> </dict> </dict> <key>ext4</key> <dict> <key>FSMediaProperties</key> <dict> <key>Content Hint</key> <string>ext4</string> <key>Leaf</key> <true/> </dict> </dict> </dict> </plist> (For reference, the partition represented by disk20s3 has a Content Hint of 0FC63DAF-8483-4772-8E79-3D69D8477DE4 and Leaf is True which I verified using IORegistryExplorer.app from the Xcode additional tools.) Looking in Console it does appear now that the system is trying to use my module (ExtendFS_fskit) to probe when I plug in my USB drive, but I never see a process for my extension actually launch when trying to attach to it from Xcode by name (unlike when I use mount(8), where I can do this). However I do see a Can't find the extension for <private> error which I'm not sure is related but does sound like the system can't find the extension for some reason. The below messages are when filtering for "FSKit": default 19:14:53.455826-0400 diskarbitrationd probed disk, id = /dev/disk20s3, with ExtendFS_fskit, ongoing. default 19:14:53.456038-0400 fskitd Incomming connection, entitled 1 default 19:14:53.456064-0400 fskitd [0x7d4172e40] activating connection: mach=false listener=false peer=true name=com.apple.filesystems.fskitd.peer[350].0x7d4172e40 default 19:14:53.456123-0400 fskitd Hello FSClient! entitlement yes default 19:14:53.455902-0400 diskarbitrationd [0x7461d8dc0] activating connection: mach=true listener=false peer=false name=com.apple.filesystems.fskitd default 19:14:53.456151-0400 diskarbitrationd Setting remote protocol to all XPC default 19:14:53.456398-0400 fskitd About to get current agent for 501 default 19:14:53.457185-0400 diskarbitrationd probed disk, id = /dev/disk20s3, with ExtendFS_fskit, failure. error 19:14:53.456963-0400 fskitd -[fskitdXPCServer applyResource:targetBundle:instanceID:initiatorAuditToken:authorizingAuditToken:isProbe:usingBlock:]: Can't find the extension for <private> (I only see these messages after plugging my USB drive in. When running diskutil mount, I see no messages in the console when filtering by FSKit, diskarbitrationd, or ExtendFS afterward. It just fails.) Is there a step I'm missing to get this to work, or would this be an FSKit bug/current limitation?

We are seeing a kernel panic in nfsd when using vagrant synced folders. The issue started with macOS 15.4 and still occurs with macOS 15.5. It’s 100% reproducible when bringing up a new vagrant environment. The kernel panic does not occur when using smb instead of nfs. https://developer.hashicorp.com/vagrant/docs/synced-folders/nfs Other people have reported a similar issue when using nfs with Docker. https://github.com/docker/for-mac/issues/7664 I filed this under FB17853906. I spoke with an engineer at the Apps &amp; Services WWDC lab and they recommended I post here to make sure the bug gets looked at and routed to the correct team.

I am developing an Apple app that has to download 1000s of MP4 files between 5 and 150MB each at one time (can take an hour or more - is OK). I use Apple's file picker to select the files, and then it freezes and I cannot download anything. I had this working a few months ago but now I cannot get it to work. Can someone give me some advice please?