We are seeing a kernel panic in nfsd when using vagrant synced folders. The issue started with macOS 15.4 and still occurs with macOS 15.5. It’s 100% reproducible when bringing up a new vagrant environment. The kernel panic does not occur when using smb instead of nfs. https://developer.hashicorp.com/vagrant/docs/synced-folders/nfs Other people have reported a similar issue when using nfs with Docker. https://github.com/docker/for-mac/issues/7664 I filed this under FB17853906. I spoke with an engineer at the Apps & Services WWDC lab and they recommended I post here to make sure the bug gets looked at and routed to the correct team.

I work on EdenFS, an open-source Virtual Filesystem that runs on macOS, Linux, and Windows. My team is very interested in using FSKit as the basis for EdenFS on macOS, but have found the documentation to be lacking and contains some mixed messaging on the future of FSKit. Below are a few questions that don’t seem to be fully covered by the current documentation: Does FSKit support process attribution? Each FUSE request provides a requester Process ID (and other information) through the fuse_in_header structure. Does FSKit pass similar information along for each request? Does the reclaimItem API function similarly to FUSE’s forget operation? If not, what are the differences? See #1 below for why forget/reclaimItem matters to us. Is Apple committed to releasing and supporting FSKit? Is there any timeline for release that we can plan around? Does FSKit have known performance/scalability limitations? We provide alternative methods that clients can use to make bulk requests to EdenFS, but some clients will necessarily be unable to use those and stress the default filesystem APIs. Throughput (on the order of tens of thousands of filesystem requests per minute) and request size are the main concerns, followed closely by directory size restrictions. Why we’re interested in FSKit As mentioned above, my team supports EdenFS on 3 platforms. On Linux, we utilize FUSE; on Windows, we utilize ProjectedFS; and on macOS, we’ve utilized a few different solutions in the past. We first utilized the macFUSE kext, which was great while it lasted. Due to (understandable) changes in supporting kernel extensions, we were forced to move to NFS version 3. NFS has been lackluster in comparison (and our initial investigations show that NFS version 4(.2) would be similar). We have had numerous scalability and reliability issues, some listed below: NFS does not provide a forget API similar to FUSE. EdenFS is forced to remember all file handles that have been loaded because the kernel never informs us when all references to that file handle have been dropped. We can hackily infer that a file handle should never be referenced again in some cases, but a large number of file handles end up being remembered forever. Many of our algorithms scale with the number of file handles that Eden has to consider, and therefore performance issues are inevitable after some time. NFS does not provide information about clients (requesters). We cannot tell which processes are sending EdenFS requests. This attribution is important due to issue #1. We are forced to work with tool owners to modify their applications to be VFS-friendly. If we can’t track down which tools are behaving poorly, they will continue to load excess file handles and cause performance issues. NFS “Server connections interrupted:” dialog during heavy load. Under heavy load, either EdenFS or system-wide, our users experience this dialog pop-up and are confused as to how they should respond (Ignore or Disconnect All). They become blocked in their work, and will be further blocked if they click “Disconnect All” as that unmounts their EdenFS mount. This forces them to restart EdenFS or reboot their laptop to remediate the issue. The above issues make us extremely motivated to use FSKit and partner with Apple to flesh out the final version of the FSKit API. Our use case likely mirrors what other user-space filesystems will be looking for in the FSKit API (albeit at a larger scale than most), and we’re willing to collaborate to work out any issues in the current FSKit offerings.

I am developing a background application that acts as a metadata server under MacOS written in Swift. Sandboxed clients prompt the user to select URLs which are passed to the server as security scoped bookmarks via an App Group and the metadata will be passed back. I don't want the I/O overhead of passing the complete image file data to the server. All the variations I have tried of creating security scoped bookmarks in the client and reading them from the server fail with error messages such as "The file couldn’t be opened because it isn’t in the correct format." Can anyone guide me in the right direction or is this just not possible?

Hi, I'm working with the new FSKit framework and have successfully implemented a custom file system using FSUnaryFileSystem. Mounting the file system via Terminal works perfectly — I can create, delete, and browse files and directories as expected. Since /Volumes is protected on modern macOS systems, I cannot mount my file system there directly. Instead, I mount it into a different writable directory (e.g., /tmp/MyFS) and then create a symbolic link to it in a user-visible location such as ~/Downloads/MyFS. Finder does see the symlink and displays it with a "Volume" icon, but clicking it results in an error — it cannot be opened. It seems like Finder does not treat the symlinked mount as a fully functional volume. Is there a proper way to register or announce a FSKit-mounted file system so that Finder lists it as a real volume and allows access to it? Are there additional steps (APIs, notifications, entitlements, or Info.plist keys) required to integrate with Finder? Any insight would be greatly appreciated. Thanks!

We are experimenting with FileProvider on MacOS, we want to set ACL policy restriction on a folder and the same policy needs to be applied down to its children. To achieve this currently we are setting corresponding NSFileProviderItemCapabilities on parent folder and recursively iterate over all of its children and set the capability on each individual child items. GOAL: We expect the root's ACL policy to be implicitly percolated down to its children without explicitly being iterated over them and setting it individually. From our research, we couldn't find any policy that can help us achieve the above goal. If there are any such provisions in FileProvider, please guide us to them.

I'm working on a build system similar to Bazel where each build action runs in a sandbox. The sandbox contains only the files that the user defined as input to ensure that the build action doesn't have any implicit dependencies. Bazel achieves this by creating a "symlink forest" to the original source files. This works, but I have observed fseventsd using significant CPU during a Bazel build, presumably because of all the symlinks that get created. Is there a way to disable file events for a directory or a volume? The "File System Events Programming Guide" in the Documentation Archive mentions placing an empty file named no_log in the .fseventsd directory at the root of the volume, but when testing on macOS 15.5 with APFS that appears to no longer work. Related, is a "symlink forest" the best way to create a sandbox like this? Or is there a different method one can use to provide a view of a subset of the files in a directory tree? I read up on the App Sandbox but that seems too coarse grained. Something like Linux's overlayfs would work well, and maybe one can achieve a similar functionality with firmlinks? Curious about folks thoughts here. Thanks in advance!

The URL directory obtained by UIDocumentPickerVieweController can be read and written in the directory after calling startAccessingDecurityScopeResource. However, after restarting the app, if the URL saved in the package is called startAccessingDecurityScopeResource again and returns NO, UIDocumentPickerVieweController must be called again to retrieve the URL, and then startAccessingDecurityScopeResource must be called again before continuing the operation. This is too troublesome. Is there a way to continue reading and writing operations in the URL directory after restarting the app?

Hi all, I have repeatedly the issue that a certain .strings file in my app's bundle has the extended files attribute com.apple.quarantine set. Consequently the submission fails with the following mail notification: We noticed one or more issues with a recent delivery for the following app: [...] ITMS-91109: Invalid package contents - The package contains one or more files with the com.apple.quarantine extended file attribute, such as “abcdef.strings”. This attribute isn’t permitted in macOS apps distributed on TestFlight or the App Store. Please remove the attribute from all files within your app and upload again. I'm able to resubmit the bundle after cleaning the file attribute via xattr -d -r com.apple.quarantine..., but the funny thing is it happens again and again - on a .strings file which hasn't been downloaded (but manually created), shouldn't be under Gatekeeper's quarantine, and wasn't edited in the meantime. Is anybody else observing the same issue with macOS 15.4.1, Xcode 16.3? Greetings, Matthias

Will the ES_EVENT_TYPE_NOTIFY_OPEN event be called back when the user has already returned es_respond_flags_result(client, msg, 0, false) in ES_EVENT_TYPE_AUTH_OPEN? I believe the ES_EVENT_TYPE_NOTIFY_OPEN event should not be triggered if the user has already denied the open operation in the ES_EVENT_TYPE_AUTH_OPEN response handler. However, during my testing, ES_EVENT_TYPE_NOTIFY_OPEN was still being called even after I blocked the open process. Is this behavior correct?

Hello everyone, I’m working on an iOS app that uses the new DeviceActivity framework to monitor and report user screen‐time in an extension (DeviceActivityReportExtension). I need to persist my processed screen‐time data into a standalone SQLite database inside the extension, but I’m running into issues opening and writing to the database file. Here’s what I’ve tried so far: import UIKit import DeviceActivity import SQLite3 class DeviceActivityReportExtension: DeviceActivityReportExtension { private var db: OpaquePointer? override func didReceive(_ report: DeviceActivityReport) async { // 1. Construct path in app container: let containerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "group.com.mycompany.myapp") let dbURL = containerURL?.appendingPathComponent("ScreenTimeReports.db") // 2. Open database: if sqlite3_open(dbURL?.path, &db) != SQLITE_OK { print("❌ Unable to open database at \(dbURL?.path ?? "unknown path")") return } defer { sqlite3_close(db) } // 3. Create table if needed: let createSQL = """ CREATE TABLE IF NOT EXISTS reports ( id INTEGER PRIMARY KEY AUTOINCREMENT, date TEXT, totalScreenTime DOUBLE ); """ if sqlite3_exec(db, createSQL, nil, nil, nil) != SQLITE_OK { print("❌ Could not create table: \(String(cString: sqlite3_errmsg(db)))") return } // 4. Insert data: let insertSQL = "INSERT INTO reports (date, totalScreenTime) VALUES (?, ?);" var stmt: OpaquePointer? if sqlite3_prepare_v2(db, insertSQL, -1, &stmt, nil) == SQLITE_OK { sqlite3_bind_text(stmt, 1, report.date.description, -1, nil) sqlite3_bind_double(stmt, 2, report.totalActivityDuration) if sqlite3_step(stmt) != SQLITE_DONE { print("❌ Insert failed: \(String(cString: sqlite3_errmsg(db)))") } } sqlite3_finalize(stmt) } } However: Path issues: The extension’s sandbox is separate from the app’s. I’m not sure if I can use the same App Group container, or if there’s a better location for an on‐extension database. Entitlements: I’ve added the App Group (group.com.mycompany.myapp) to both the main app and the extension, but the file never appears, and I still get “unable to open database” errors. My questions are: How do I correctly construct a file URL for an SQLite file in a DeviceActivityReportExtension? Is SQLite the recommended approach here, or is there a more “Apple-approved” pattern for writing data from a DeviceActivity extension? Any sample code snippets, pointers to relevant Apple documentation, or alternative approaches would be greatly appreciated!

We have a launch daemon which can check for team identifier and some other signing information of any application on machine and match it with provided information to confirm the validity of the application/binary. We use SecStaticCodeCreateWithPath to read the signing information of the app/binary which works in most cases. However, for some third party daemon processes, the static code creation fails with error "Operation not permitted". We are having difficult time identifying why static code creation would fail specially when our process is running with root privileges. Can you please help us understand in what scenario can this API fail with this error? Can there be any process or rule which can deny creating static code of a process like endpoint security extensions/daemon? We are using default flags in SecStaticCodeCreateWithPath.

Recently, some feedback has been received. After users upgrade to ipados 17.7.7 and return to the login status and restart the App, it will become invalid. We checked the log and found that the content stored in NSUserdefault would be lost after restarting the App. Has anyone encountered this problem?

Hello, I am working on a daemon which collects information about disk space usage on macOS. APFS has quite complex structure and there is a challenge to get detailed info. My application must provide disk usage by APFS containers. Are there any recommended way to get space usage by particular APFS volume? Are there any recommended way to get free space on particular APFS container? Are there any recommended way to enumerate APFS containers and volumes? I am using Disk Arbitration to get APFS info. However, I get restricted info about space usage because I get get disk usage for mounted volumes only. Are there any public API (daemon-safe) which allows to easily get disk space usage on macOS? Thank you in advance, Pavel

How do I gain access to the Documents folder? Under targets, "signing and capabilities", App Sandbox, I can see the Music folder, Desktop... but not Documents.

I found the live activity process cannot write to the app group and FileManger, can only read the app group. When I write using FileManager in a live activity process, the console prompts me with a permission error. When I write using UserDefault(suit:) in the live activity process, I read a null value in the main app. Is this the case for real-time event design? I haven’t seen any documentation mentioning this. Does anyone know, thank you very much.

Hi All, I am looking for a terminal command to get the exact same output as the file count you recieve when using Get Info in finder. The closest i can get is using the find command with flags: find 'path/to/folder' -not -path '*/\.*' -and -not -path '*\.key/*' -and -not -path '*\.numbers/*' -and -not -path '*\.pages/*' -and -not -path '*__MACOSX/*' -and -not -path '*\.pdf/*' -and -not -path '*\.app/*' -and -not -path '*\.rtfd/*' | wc -l I will be searching on an external volume that sometimes produces keynote save files that finder sometimes sees as a package and sometimes sees as a folder. If a folder finder counts the items contained if a package it doesn't, I need the command or script to mimic this behaviour. In the example of the screenshot get info on the top folder produces a count of 14 and the find command produces a count of 23. There are also other behaviours that differ the file count between them but i'm not sure what causes them. Any help on a solution it being a command or script would be much apreciated. Thanks, James

Testing Environment: iOS 18.4.1 / macOS 15.4.1 I am working on an iOS project that aims to utilize the user's iCloud Drive documents directory to save a specific directory-based file structure. Essentially, the app would create a root directory where the user chooses in iCloud Drive, then it would populate user generated files in various levels of nested directories. I have been attempting to use NSMetadataQuery with various predicates and search scopes but haven't been able to get it to directly monitor changes to files or directories that are not in the root directory. Instead, it only monitors files or directories in the root directory, and any changes in a subdirectory are considered an update to the direct children of the root directory. Example iCloud Drive Documents (Not app's ubiquity container) User Created Root Directory (Being monitored) File A Directory A File B An insertion or deletion within Directory A would only return a notification with userInfo containing data for NSMetadataQueryUpdateChangedItemsKey relating to Directory A, and not the file or directory itself that was inserted or deleted. (Query results array also only contain the direct children.) I have tried all combinations of these search scopes and predicates with no luck: query.searchScopes = [ rootDirectoryURL, NSMetadataQueryUbiquitousDocumentsScope, NSMetadataQueryAccessibleUbiquitousExternalDocumentsScope, ] NSPredicate(value: true) NSPredicate(format: "%K LIKE '*.md'", NSMetadataItemFSNameKey) NSPredicate(format: "%K BEGINSWITH %@", NSMetadataItemPathKey, url.path(percentEncoded: false)) I do see these warnings in the console upon starting my query: [CRIT] UNREACHABLE: failed to get container URL for com.apple.CloudDocs [ERROR] couldn't fetch remote operation IDs: NSError: Cocoa 257 "The file couldn’t be opened because you don’t have permission to view it." "Error returned from daemon: Error Domain=com.apple.accounts Code=7 "(null)"" But I am not sure what to make of that, since it does act normally for finding updates in the root directory. Hopefully this isn't a limitation of the API, as the only alternative I could think of would be to have multiple queries running for each nested directory that I needed updates for.

Hello, I am trying to get space which is consumed by APFS volume. The call getattrlist() works fine on macOS 15 (Apple silicon). However, it returns EINVAL on macOS 11.7.10 (Intel) if ATTR_VOL_SPACEUSED is defined. struct VolAttrBuf { u_int32_t length; off_t spaceUsed; } __attribute__((aligned(4), packed)); int64_t GetVolumeSpaceUsed(const std::string& mountPath) { struct attrlist attrList; std::memset(&attrList, 0, sizeof(attrList)); attrList.bitmapcount = ATTR_BIT_MAP_COUNT; attrList.volattr = ATTR_VOL_INFO | ATTR_VOL_SPACEUSED; VolAttrBuf attrBuf; if (getattrlist(mountPath.c_str(), &attrList, &attrBuf, sizeof(attrBuf), 0) || attrBuf.length > sizeof(attrBuf)) { std::cout << "getattrlist() failed with errno (" << errno << ")" << std::endl; return -1; } return attrBuf.spaceUsed; } Is it bug or ATTR_VOL_SPACEUSED is unsupported on macOS 11? Are there any other way to get space which is used on an APFS volume? (C++) Thank you in advance, Pavel

As of 2025-05-03, when a macOS user enables iCloud Drive synchronization for Desktop &amp; Documents in US region, does iCloud filter xattrs upon upload or later when downloading back to another macOS host? Or is it the case that iCloud has no filtering of third-party xattrs? Where can I find the technical document outlining exactly what iCloud does with xattrs set on macOS host files and folders synchronized with iCloud Drive?

After uploading the app archive generated by Xcode (which passed validation), I received an email stating one or more files had the com.apple.quarantine extended file attribute and to remove the attribute before uploading the archive again. A particular PNG file was identified. In the terminal, I ran the command: xattr -d com.apple.quarantine The response was: "No such xattr: com.apple.quarantine" I also ran "xattr -rd" on the directory containing all app files. No response. The identifed PNG file at fault is a screenshot used only in the app's User Guide. It was created 5 years ago using Apple software: Ctrl-Shift-4 to capture the image, Preview to resize. Given the file does not have the quarantine extended attribute, I can only conclude that Xcode is adding the attribute when building the archive. How do I stop Xcode from adding the attribute? I have search Google with numerous search criteria and check the Apple Developer Forum, but could only find how to remove the attribute using xattr; nothing about Xcode adding the attribute when building an archive.