As mentioned before, we have to network extensions for our app -- a transparent proxy provider, and a packet filter. We just started testing with multiple users, and I'm seeing what seem to me to be very strange results, but they get less strange if the states aren't system-wide.
Easiest case: I install while I'm logged in, we install the agents and daemons, start everything up, and the app then goes to activate both extensions. This starts with an OSSystemExtensionRequest for each, and when the completion delegate is invoked, I go to "connect" them, which is where the does the load/save preferences. Barring the apparent timing issue I filed a feedback on, this works.
If i then fast-user-switch to a second user, the agent once again starts, and goes through the same process -- it creates an OSSystemExtensionRequest to load them both, the delegate gets invoked, and then it does the connection functions for each. The behaviour might change slightly if the second user is already logged in, but I lost my notes there.
At the end of this, I am left with things in a weird-to-me state:
- For the second user (not an admin), I see three entries in prefs/settings > Network -- one packet filter, and two TPPs. The two TPPs either appear 100% identical, in that they both have the same connection time, or one is connected and the other isn't.
- For the first user (an admin), I sometimes see 1, 2, or 3 entries -- and the VPNs are not always shown as connected.
This is new behaviour for us, so either it's something I'm doing in the connection code, or something in the OS changed. The latter seems unlikely since the machine in question is still running macOS 12.6, but I don't test multiple users very often.
If the packet filter is global, and the TPP network connection is per user, this kinda makes sense (but why did we not notice it before?).