I'm trying to figure out why I can't install a certain third-party security product.
While digging into this issue, found some resources that bring up the systemextensionsctl command.
I have SIP disabled.
Just updated to macOS 10.15.4.
When I try 'systemextensionsctl list' as user root, I get this error:
# systemextensionsctl list 2>&1
2 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
2020-03-25 22:57:29.601 systemextensionsctl[3696:28998] Completely failed to resolve bundle info
Abort trap: 6
This is the output from dtruss:
root# dtruss systemextensionsctl list 2>&1
SYSCALL(args) = return
2 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
2020-03-25 23:04:01.812 systemextensionsctl[3816:31781] Completely failed to resolve bundle info
issetugid(0x0, 0x0, 0x0) = 0 0
getentropy(0x7FFEEF641840, 0x20, 0x0) = 0 0
getentropy(0x7FFEEF641890, 0x40, 0x0) = 0 0
getpid(0x0, 0x0, 0x0) = 3816 0
stat64("/AppleInternal\0", 0x7FFEEF642400, 0x0) = -1 Err#2
csops_audittoken(0xEE8, 0x7, 0x7FFEEF641F50) = 0 0
proc_info(0x2, 0xEE8, 0xD) = 64 0
csops_audittoken(0xEE8, 0x7, 0x7FFEEF6417D0) = 0 0
geteuid(0x0, 0x0, 0x0) = 0 0
getuid(0x0, 0x0, 0x0) = 0 0
sysctl([CTL_KERN, 14, 1, 3816, 0, 0] (4), 0x7FFEEF640AA8, 0x7FFEEF640A88, 0x0, 0x0) = 0 0
gettid(0x7FFEEF640D90, 0x7FFEEF640D94, 0x0) = -1 Err#3
geteuid(0x0, 0x0, 0x0) = 0 0
getegid(0x0, 0x0, 0x0) = 0 0
csops(0xEE8, 0x0, 0x7FFEEF641AEC) = 0 0
proc_info(0x2, 0xEE8, 0xB) = 0 0
gettid(0x7FFEEF640D60, 0x7FFEEF640D64, 0x0) = -1 Err#3
geteuid(0x0, 0x0, 0x0) = 0 0
getegid(0x0, 0x0, 0x0) = 0 0
csrctl(0x0, 0x7FFEEF643C3C, 0x4) = 0 0
sysctlbyname(kern.osvariant_status, 0x15, 0x7FFEEF643BC8, 0x7FFEEF643BC0, 0x0) = 0 0
workq_kernreturn(0x400, 0x7FFEEF6432E8, 0x18) = 0 0
workq_open(0x0, 0x0, 0x0) = 0 0
workq_kernreturn(0x80, 0x0, 0x20FF) = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x7FFEEF6433D8, 0x1) = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x7FFEEF643380, 0x1) = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x7FFEEF6433A0, 0x1) = 0 0
kevent_id(0x7FED42D0A360, 0x7FFEEF6439D0, 0x1) = 0 0
proc_info(0x2, 0xEE8, 0xD) = 64 0
kevent_id(0x7FED42D0A360, 0x7FFEEF6436E0, 0x1) = 0 0
thread_selfid(0x0, 0x0, 0x0) = 31784 0
getrlimit(0x1008, 0x7FFEEF6438C0, 0x0) = 0 0
fstat64(0x1, 0x7FFEEF6438A8, 0x0) = 0 0
ioctl(0x1, 0x4004667A, 0x7FFEEF6438F4) = 0 0
write_nocancel(0x1, "2 extension(s)\n\0", 0xF) = 15 0
write_nocancel(0x1, "--- com.apple.system_extension.endpoint_security\n\0", 0x31) = 49 0
write_nocancel(0x1, "enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n\0", 0x36) = 54 0
lstat64("/Library\0", 0x7FFEEF642660, 0x0) = 0 0
lstat64("/Library/SystemExtensions\0", 0x7FFEEF642660, 0x0) = 0 0
lstat64("/Library/SystemExtensions/E6BFF938-844B-4093-A157-E7FF35DC4E61\0", 0x7FFEEF642660, 0x0) = 0 0
lstat64("/Library/SystemExtensions/E6BFF938-844B-4093-A157-E7FF35DC4E61/com.symantec.mes.systemextension.systemextension\0", 0x7FFEEF642660, 0x0) = -1 Err#2
stat64("/Library/SystemExtensions/E6BFF938-844B-4093-A157-E7FF35DC4E61/com.symantec.mes.systemextension.systemextension\0", 0x7FFEEF6433A0, 0x0) = -1 Err#2
proc_info(0x2, 0xEE8, 0x11) = 56 0
proc_info(0x2, 0xEE8, 0x11) = 56 0
sysctl([CTL_KERN, 14, 1, 3816, 0, 0] (4), 0x7FFEEF6433B8, 0x7FFEEF6433A8, 0x0, 0x0) = 0 0
issetugid(0x0, 0x0, 0x0) = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x7FFEEF643190, 0x1) = 0 0
kevent_id(0x7FED42C09550, 0x7FFEEF643190, 0x1) = 0 0
shm_open(0x7FFF6B622280, 0x0, 0x0) = 3 0
mmap(0x0, 0x1000, 0x1, 0x1, 0x3, 0x0) = 0x1005DC000 0
close_nocancel(0x3) = 0 0
openat(0xFFFFFFFFFFFFFFFE, "/Library/Preferences/Logging/com.apple.diagnosticd.filter.plist\0", 0x1000104, 0xFFFFFFFFEF643188) = -1 Err#2
getattrlist("/usr/bin/systemextensionsctl\0", 0x7FFEEF642B40, 0x7FFEEF642B58) = 0 0
access("/usr/bin\0", 0x5, 0x0) = 0 0
open_nocancel("/usr/bin\0", 0x1100004, 0x0) = 3 0
sysctlbyname(kern.secure_kernel, 0x12, 0x7FFEEF642644, 0x7FFEEF642648, 0x0) = 0 0
fstatfs64(0x3, 0x7FFEEF642648, 0x0) = 0 0
getdirentries64(0x3, 0x7FED4300CC00, 0x2000) = 8160 0
getdirentries64(0x3, 0x7FED4300CC00, 0x2000) = 8160 0
getdirentries64(0x3, 0x7FED4300CC00, 0x2000) = 8176 0
getdirentries64(0x3, 0x7FED4300CC00, 0x2000) = 8184 0
getdirentries64(0x3, 0x7FED4300CC00, 0x2000) = 3720 0
close_nocancel(0x3) = 0 0
access("/usr\0", 0x5, 0x0) = 0 0
open_nocancel("/usr\0", 0x1100004, 0x0) = 3 0
fstatfs64(0x3, 0x7FFEEF642648, 0x0) = 0 0
getdirentries64(0x3, 0x7FED4300CC00, 0x2000) = 360 0
close_nocancel(0x3) = 0 0
access("/usr/bin\0", 0x4, 0x0) = 0 0
open("/usr/bin\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FED42C09A30, 0x0) = 0 0
csrctl(0x0, 0x7FFEEF642DFC, 0x4) = 0 0
fcntl(0x3, 0x32, 0x7FFEEF642A70) = 0 0
close(0x3) = 0 0
open("/usr/bin/Info.plist\0", 0x0, 0x4) = -1 Err#2
proc_info(0x2, 0xEE8, 0xD) = 64 0
fstat64(0x2, 0x7FFEEF643640, 0x0) = 0 0
access("/etc/localtime\0", 0x4, 0x0) = 0 0
open_nocancel("/etc/localtime\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEF643018, 0x0) = 0 0
read_nocancel(0x3, "TZif2\0", 0xA1E8) = 3559 0
close_nocancel(0x3) = 0 0
issetugid(0x0, 0x0, 0x0) = 0 0
open_nocancel("/var/db/timezone/zoneinfo/posixrules\0", 0x0, 0x0) = 3 0
fstat64(0x3, 0x7FFEEF642E58, 0x0) = 0 0
read_nocancel(0x3, "TZif2\0", 0xA1E8) = 3519 0
close_nocancel(0x3) = 0 0
madvise(0x1005E9000, 0xB000, 0x9) = 0 0
madvise(0x1005DD000, 0xB000, 0x9) = 0 0
writev(0x2, 0x7FFEEF643600, 0x3) = 97 0
sigprocmask(0x3, 0x7FFEEF64386C, 0x0) = 0x0 0
bsdthread_ctl(0x1000, 0x1, 0x0) = 0 0
__pthread_sigmask(0x3, 0x7FFEEF643860, 0x0) = 0 0
__pthread_kill(0x703, 0x6, 0x0) = 0 0
workq_kernreturn(0x100, 0x700002DA6B80, 0x1) = 0 Err#-2
Any ideas?
Thanks,
Julius