General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

When a File Provider extension (NSFileProviderReplicatedExtension) mounts a Linux server via SFTP, remote directories containing files that differ only in case (e.g., "README" and "readme") are not represented correctly. The framework silently renames one file locally via the before-bounce mechanism, even though the extension reports both items with distinct identifiers and correct filenames. NSFileProviderActions.h states: "Collision checks should be case insensitive even if the filesystem or file provider might allow two coexisting filenames differing only by their case." This check runs in the framework before writing to disk. Placing the domain on a case-sensitive APFS volume via NSFileProviderDomain(displayName:userInfo:volumeURL:) does not help — the volume passes eligibility but the collision check still applies. This breaks any File Provider extension that mounts case-sensitive filesystems where case-variant filenames are common (especially git repositories). Is there any way to opt out of the case-insensitive collision check per domain? A supportsCaseSensitiveNames property on NSFileProviderDomain would solve this.

I'm writing a read-only filesystem extension. I see that the documentation for loadResource(resource:options:replyHandler:) claims that the --rdonly option is supported, which suggests that this should be possible. However, I have never seen this option provided to my filesystem extension, even if I return usableButLimited as a probe result (where it doesn't mount at all - FB19241327) or pass the -r or -o rdonly options to the mount(8) command. Instead I see those options on the volume's activate call. But other than saving that "readonly" state (which, in my case, is always the case) and then throwing on all write-related calls I'm not sure how to actually mark the filesystem as "read-only." Without such an indicator, the user is still offered the option to do things like trash items in Finder (although of course those operations do not succeed since I throw an EROFS error in the relevant calls). It also seems like the FSKit extensions that come with the system handle read-only strangely as well. For example, for a FAT32 filesystem, if I mount it like mount -r -F -t msdos /dev/disk15s1 /tmp/mnt Then it acts... weirdly. For example, Finder doesn't know that the volume is read-only, and lets me do some operations like making new folders, although they never actually get written to disk. Writing may or may not lead to errors and/or the change just disappearing immediately (or later), which is pretty much what I'm seeing in my own filesystem extension. If I remove the -F option (thus using the kernel extension version of msdos), this doesn't happen. Are read-only filesystems currently supported by FSKit? The fact that extensions like Apple's own msdos also seem to act weirdly makes me think this is just a current FSKit limitation, although maybe I'm missing something. It's not necessarily a hard blocker given that I can prevent writes from happening in my FSKit module code (or, in my case, just not implement such features at all), but it does make for a strange experience. (I reported this as FB21068845, although I'm mostly asking here because I'm not 100% sure this is not just me missing something.)

I have this code in my Virutalization application let process = Process() process.executableURL = URL(fileURLWithPath: "/usr/sbin/diskutil") process.arguments = ["image", "create", "blank", "--fs", "none", "--format", "ASIF", "--size", "2GiB", url.path ] try process.run() process.waitUntilExit() if process.terminationStatus == 0 { print("✅ Disk image creation succeeded.") } else { print("❌ Disk image creation failed with exit code \(process.terminationStatus)") } } catch { print("Process failed to launch: \(error.localizedDescription)") return } this code was working fine until Tahoe 26.2. with the update of 26.3 the system freezes at process.waitUntilExit() The code never exits and i get beech balls. This is working fine with intel macs. i am getting the problem in apple silicon m4 mac mini. Any help would be appreciated.

Hi, I have two issues going on: Creation of macOS VMs requires autologin is enabled: Mon Apr 13 11:27:18 20 anka.log (ankahv) 511: pid 511: installing /Users/veertu/Library/Application Support/Veertu/Anka/img_lib/UniversalMac_15.6.1_24G90_Restore.ipsw... Mon Apr 13 11:27:20 40 anka.log (install) 511: (null): installation failed: Error Domain=VZErrorDomain Code=10007 "The virtual machine failed to start." UserInfo={NSLocalizedFailure=An error occurred during installation., NSLocalizedFailureReason=The virtual machine failed to start., NSUnderlyingError=0xca2c0ced0 {Error Domain=VZErrorDomain Code=-9 "The virtual machine encountered a security error." UserInfo={NSLocalizedFailure=Unable to access security information., NSLocalizedFailureReason=The virtual machine encountered a security error., NSUnderlyingError=0xca3029320 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo={NSLocalizedFailureReason=Failed to get current host key., NSUnderlyingError=0xca30292f0 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo=0xca2a88040 (not displayed)}}}}}} Mon Apr 13 11:27:20 40 anka.log (install) 511: (null): virtual machine stopped with error: Error Domain=VZErrorDomain Code=4 "Transition from state “error” to state “stopping” is invalid." UserInfo={NSLocalizedFailure=Invalid virtual machine state transition., NSLocalizedFailureReason=Transition from state “error” to state “stopping” is invalid.} Mon Apr 13 11:27:20 40 anka.log (install) 511: failed to install macOS: Error Domain=VZErrorDomain Code=10007 "The virtual machine failed to start." UserInfo={NSLocalizedFailure=An error occurred during installation., NSLocalizedFailureReason=The virtual machine failed to start., NSUnderlyingError=0xca2c0ced0 {Error Domain=VZErrorDomain Code=-9 "The virtual machine encountered a security error." UserInfo={NSLocalizedFailure=Unable to access security information., NSLocalizedFailureReason=The virtual machine encountered a security error., NSUnderlyingError=0xca3029320 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo={NSLocalizedFailureReason=Failed to get current host key., NSUnderlyingError=0xca30292f0 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo=0xca2a88040 (not displayed)}}}}}} Running a macOS 26.x VM fails for similar reasons, yet running a 15.x VM works fine: Mon Apr 13 11:20:10 20 0f5d4fe7-edac-4f6d-aebb-f185702f2c25.log (ankahv) 474: pid 474: session started on host 26.4.1 Mon Apr 13 11:20:10 40 0f5d4fe7-edac-4f6d-aebb-f185702f2c25.log (ankahv) 474: 0f5d4fe7-edac-4f6d-aebb-f185702f2c25: failed to start: Error Domain=VZErrorDomain Code=-9 "The virtual machine encountered a security error." UserInfo={NSLocalizedFailure=Unable to access security information., NSLocalizedFailureReason=The virtual machine encountered a security error., NSUnderlyingError=0x76f049e00 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo={NSLocalizedFailureReason=Failed to get current host key., NSUnderlyingError=0x76f049e60 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo={NSLocalizedFailureReason=Failed to create new HostKey., NSUnderlyingError=0x76f049dd0 {Error Domain=NSPOSIXErrorDomain Code=22 "Invalid argument" UserInfo=0x76ec49d60 (not displayed)}}}}}} Mon Apr 13 11:20:10 40 0f5d4fe7-edac-4f6d-aebb-f185702f2c25.log (ankanet) 474: failed to receive packets: Connection reset by peer This is super painful for us to manage since some of our users can't have autologin enabled (like major banks under strict MDM requirements). Or, AWS EC2 Macs which have no VNC enabled at all by default. What's the trick here to make sure we can consistently use virtualization without autologin?

Hello, I am working on a DLP solution for macOS that relies on the Network Extension (NETransparentProxyProvider) for network traffic analysis. Could you please clarify: is it technically possible and officially supported to use a LaunchAgent as the container app to install and manage the Network Extension? If not, what is the recommended approach in case of GUI less application? Thank you in advance.

Hi everyone, I am developing a macOS virtualization manager (VirtualProg) using the Virtualization.framework. The application is distributed via the Mac App Store, so it operates strictly within the App Store Sandbox. I am looking for a reliable, programmatic way to discover the IP address assigned to a guest (both macOS and Linux). Is there a recommended "Sandbox-safe" API or pattern within the Virtualization framework—or a lower-level networking entitlement—that allows a host application to retrieve the guest's assigned IP address? Ideally, I am looking for a solution that does not require the user to manually install a non-sandboxed helper tool. Thanks in advance for any insights or guidance!

I have the following code for port forwarding in mac os virtualization var ipAddr = in_addr() // 1. Convert String to in_addr inet_pton(AF_INET, guestIP, &ipAddr) let status = vmnet_network_configuration_add_port_forwarding_rule( config, UInt8(IPPROTO_TCP), // TCP protocol sa_family_t(AF_INET), // address family guestPort, // internal port (guest) externalPort, // external port (host) &ipAddr // internal address (guest IP) ) if status == .VMNET_SUCCESS { print("✅ Port Forwarding set: Mac:\(externalPort) -> VM(\(guestIP)):\(guestPort)") } else { print("❌ Port Forwarding failed for \(guestIP): \(status.rawValue)") } It is returning success but when i test it it does not work. Is there anything i am doing wrong? Please help me also in fixing this problem. Note: The app runs in sandbox i tried without sandboxing and it does not work either. Please refer to this link https://developer.apple.com/forums/thread/822025?login=true&page=1#884236022 how i am creating the VZVmnetNetworkDeviceAttachment

The file ~/.CFUserTextEncoding contained a string which I can't understand. It's recreated when a user log in. I had found that the result of CoreFoundation.CFStringGetSystemEncoding() is affected by the content of this file. What is this file used for?

Hi, I am developing instant snapshot backup solution for macOS using Endpoint Security. We have stumbled upon a Kernel Panic when using "fclonefileat" API. We are catching a kernel panic on customer machines when attempting to clone the file during ES sync callback: panic(cpu 0 caller 0xfffffe002c495508): "apfs_io_lock_exclusive : Recursive exclusive lock attempt" @fs_utils.c:435 I have symbolized the backtrace to know it is related to clone operation with the following backtrace: apfs_io_lock_exclusive apfs_clone_internal apfs_vnop_clonefile I made a minimal repro that boils down to the following operations: apfs_crash_stress - launch thread to do rsrc writes static void *rsrc_write_worker(void *arg) { int id = (int)(long)arg; char buf[8192]; long n = 0; fill_pattern(buf, sizeof(buf), 'W' + id); while (n < ITERATION_LIMIT) { int file_idx = n % NUM_SOURCE_FILES; int fd = open(g_src_rsrc[file_idx], O_WRONLY | O_CREAT, 0644); if (fd >= 0) { off_t off = ((n * 4096) % RSRC_DATA_SIZE); pwrite(fd, buf, sizeof(buf), off); if ((n & 0x7) == 0) fsync(fd); close(fd); } else { setxattr(g_src[file_idx], "com.apple.ResourceFork", buf, sizeof(buf), 0, 0); } n++; } printf("[rsrc_wr_%d] done (%ld ops)\n", id, n); return NULL; } apfs_crash_es - simple ES client that is cloning the file (error checking omitted for brevity) static std::string volfsPath(uint64_t devId, uint64_t vnodeId) { return "/.vol/" + std::to_string(devId) + "/" + std::to_string(vnodeId); } static void cloneAndScheduleDelete(const std::string& sourcePath, dispatch_queue_t queue, uint64_t devId, uint64_t vnodeId) { struct stat st; if (stat(sourcePath.c_str(), &st) != 0 || !S_ISREG(st.st_mode)) return; int srcFd = open(sourcePath.c_str(), O_RDONLY); const char* cloneDir = "/Users/admin/Downloads/_clone"; mkdir(cloneDir, 0755); const char* filename = strrchr(sourcePath.c_str(), '/'); filename = filename ? filename + 1 : sourcePath.c_str(); std::string cloneFilename = std::string(filename) + ".clone." + std::to_string(time(nullptr)) + "." + std::to_string(getpid()); std::string clonePath = std::string(cloneDir) + "/" + cloneFilename; fclonefileat(srcFd, AT_FDCWD, clonePath.c_str(), 0); { dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 1 * NSEC_PER_SEC), queue, ^{ if (unlink(clonePath.c_str()) == 0) { LOG("Deleted clone: %s", clonePath.c_str()); } else { LOG("Failed to delete clone: %s", clonePath.c_str()); } }); } close(srcFd); } static const es_file_t* file(const es_message_t* msg) { switch (msg->event_type) { case ES_EVENT_TYPE_AUTH_OPEN: return msg->event.open.file; case ES_EVENT_TYPE_AUTH_EXEC: return msg->event.exec.target->executable; case ES_EVENT_TYPE_AUTH_RENAME: return msg->event.rename.source; } return nullptr; } int main(void) { es_client_t* cli; auto ret = es_new_client(&cli, ^(es_client_t* client, const es_message_t * msgc) { if (msgc->process->is_es_client) { es_mute_process(client, &msgc->process->audit_token); return respond(client, msgc, true); } dispatch_async(esQueue, ^{ bool shouldClone = false; if (msgc->event_type == ES_EVENT_TYPE_AUTH_OPEN) { auto& ev = msgc->event.open; if (ev.fflag & (FWRITE | O_RDWR | O_WRONLY | O_TRUNC | O_APPEND)) { shouldClone = true; } } else if (msgc->event_type == ES_EVENT_TYPE_AUTH_UNLINK || msgc->event_type == ES_EVENT_TYPE_AUTH_RENAME) { shouldClone = true; } if (shouldClone) { if (auto f = ::file(msgc)) cloneAndScheduleDelete(f->path.data, cloneQueue, f->stat.st_dev, f->stat.st_ino); } respond(client, msgc, true); }); }); LOG("es_new_client -> %d", ret); es_event_type_t events[] = { ES_EVENT_TYPE_AUTH_OPEN, ES_EVENT_TYPE_AUTH_EXEC, ES_EVENT_TYPE_AUTH_RENAME, ES_EVENT_TYPE_AUTH_UNLINK, }; es_subscribe(cli, events, sizeof(events) / sizeof(*events)); } Create 2 terminal sessions and run the following commands: % sudo ./apfs_crash_es % sudo ./apfs_crash_stress ~/Downloads/test/ Machine will very quickly panic due to APFS deadlock. I expect that no userspace syscall should be able to cause kernel panic. It looks like a bug in APFS implementation and requires fix on XNU/kext side. We were able to reproduce this issue on macOS 26.3.1/15.6.1 on Intel/ARM machines. Here is the panic string: panic_string.txt Source code without XCode project: apfs_crash_es.cpp apfs_crash_stress.cpp Full XCode project + full panic is available at https://www.icloud.com/iclouddrive/0f215KkZffPOTLpETPo-LdaXw#apfs%5Fcrash%5Fes

Hi everyone, I'm looking for clarity on the NFC HCE entitlement process for third-party apps in the EEA. I've built an alternative client for Milan's public transport app (ATM Milano) on Android by reverse engineering the original app. It offers the same core functionality(users still need a valid transit subscription) just with a different UI and better UX. I'd now like to port it to iOS. According to Apple's documentation, NFC HCE was opened to third parties in the EEA starting with iOS 17.4. However, the API requires an entitlement from Apple. I have a few questions: Is the entitlement required regardless of distribution method? Even if I distribute through a third-party marketplace like AltStore PAL rather than the App Store, do I still need Apple to grant the HCE entitlement? Are third-party/alternative clients eligible for the entitlement? My app isn't a competing transit provider, it's an alternative frontend for an existing service. Users must hold a valid subscription with the official provider. Is there anything in the entitlement criteria that would disqualify this kind of app? What's the correct process to apply?Developer Support directed me here, so I'm hoping someone from Apple engineering or someone who has gone through the process can share the steps. Thanks!

The most recent KDK for MacOS Sequoia that appears in the Downloads is for MacOS 15.5 (24F74), but the current version of MacOS Sequoia is 15.6 (24G84) and 15.7 (24G207) is in RC. Is there an ETA for the KDKs for 15.6 (24G84) and 15.7 (24G207) to be made available to download? Many thanks for any help.

我是开发者，日常工作会同时打开大量终端（tmux、多项目、自动化脚本、node‑pty 等）。在这种现代开发场景下，511 的 PTY 上限明显过低，而且这个默认值对顶配机器（128GB RAM）和低配机器是一样的，没有随硬件规格调整，这不合理。 我尝试过使用 tmux control mode 来减少 PTY 占用，但它会导致终端输出对齐错乱，影响可用性，所以必须继续使用 PTY 模式。这意味着只要终端数量稍多，就很容易触及 511 上限，导致系统层面无法创建新终端，影响全局稳定性。 总结： 511 作为默认值在过去或许合理，但对现代开发者明显不足； 顶配机器和低配机器同一上限不合理； control mode 有输出对齐问题，无法作为现实替代方案。 谢谢！ Apple 支持社区工作人员

I'm developing a spatial tracking app using a Qorvo DWM3001CDK (MFi-certified UWB accessory) with NINearbyAccessoryConfiguration. On iPhone 15 (iOS 26.3.1, second-generation UWB chip): supportsDirectionMeasurement = false NINearbyObject.direction is always nil NINearbyObject.distance works correctly (~63Hz) Camera Assistance (isCameraAssistanceEnabled=true) provides horizontalAngle only after ARKit convergence (~10s), and only while the phone is moving On iPhone 12/13 (first-generation UWB chip), direction works correctly with the same accessory. My questions: Is the removal of instantaneous direction measurement for third-party accessories on second-generation UWB devices intentional? Or is this a regression that will be fixed in a future iOS update? If intentional, what is the recommended approach for apps that need real-time direction to a UWB accessory on iPhone 15/16? Camera Assistance requires phone movement and only works with stationary targets, which doesn't work for our use case (tracking a moving object with the phone mounted on a gimbal). Are there any plans to provide instantaneous direction measurement for NINearbyAccessoryConfiguration on second-generation UWB devices? Environment: iPhone 15, iOS 26.3.1 Qorvo DWM3001CDK (FiRa + MFi certified) NINearbyAccessoryConfiguration with isCameraAssistanceEnabled=true Shared ARSession Thank you.

I'm developing an accessory that communicates with iOS/iPadOS via Bluetooth Low Energy and observed some odd behavior. My accessory (peripheral) requests more forgiving BLE connection parameters from the OS (central). The request is initially accepted, but then immediately overwritten by the central with the default parameters. This ultimately leads to a an endless loop of negotiating parameters that eventually results in the peripheral getting overwhelmed and disconnecting. The first solution I tried was simply going along with the central's parameters, but this proved to be less than optimal, as there were still sporadic disconnects. As best as I can tell, the parameters I'm requesting are compliant with Apple's spec (please correct me if I'm wrong): Minimum Connection Interval: 30ms Maximum Connection Interval: 60ms Peripheral Latency: 30 Supervisory Timeout: 6s So my question is this: Is there some mechanism that's causing the central to continuously renegotiate connection parameters, and is there anything I can do inside my accessory to avoid it?

I'm working with an Espressif ESP32-C5 device. The firmware on the device is based on Espressif's base software, which provides Wifi provisioning services via Bluetooth. My firmware also provides its own Bluetooth services too. When the Espressif part of the firmware connects to Wifi, it re-initializes the entire Bluetooth stack, eliminating all of its own services. Mine get added back, but my app starts failing and doing weird things at this point. I believe it is due to iOS caching the GATT configuration and not recognizing that it has changed. If I restart my phone, the problem is cleared. But this is not a good solution to the problem. I need a way to let iOS know that it should clear any cached information related to this device. How can I do that?

We're trying to create 26.4 beta and RC VMs on 15.x and 26.3 host OS' without success. We see Tue Mar 17 17:27:36 40 anka.log (install) 45803: failed to install macOS: Error Domain=VZErrorDomain Code=10006 "Installation requires a software update." UserInfo={NSLocalizedFailure=A software update is required to complete the installation., NSLocalizedFailureReason=Installation requires a software update.} Yet, if we create it the same way on 26.4 beta host OS, it works. We've tried the usual tricks of installing latest Xcode and preparing it (accepting license, etc). But, they don't work on 26.3 and 15.x. What's the trick to get the creation of 26.4 to work on <= 26.3 host OS?

Hello Apple Developer Support and Community, I am a senior software engineer investigating a Disk Writes Resource Violation (bug_type 145) for a photo-management application (BeePhotos v2.3.0). We observed a violation where the app dirtied approximately 1GB of file-backed memory in just 48 seconds, triggering a resource report. [Core Diagnostic Data] The following data is extracted from the .crash report: Event: disk writes Action taken: none Writes caused: 1073.96 MB over 48.28s (Average: 22.24 MB/second) System Limit: 1073.74 MB over 86,400 seconds (Daily limit) Device: iPhone 15 Pro (iPhone16,2) OS Version: iOS 26.4 (Build 23E244) Free Space: 3852.25 MB (Approx. 3.8 GB) [Implementation Details] Our application performs the following sequence for a 1GB video download: Download: Uses NSURLSessionDownloadTask to download the file to the system-provided location URL (in the /tmp or com.apple.nsurlsessiond directory). Move: In didFinishDownloadingToURL, we move the file to the App’s sandbox Library/Caches directory using FileManager.default.moveItem(at:to:). Save: We then add the file to the Photo Library via PHAssetCreationRequest.addResource(with:fileURL:options:) using the local URL in Library/Caches. [Technical Questions] I suspect the 1GB download is being "amplified" into ~3GB of total physical writes, and I would like to confirm the following: Cross-Volume Move: Does moving a file from the nsurlsessiond managed temporary directory to the App’s sandbox Library/Caches constitute a Cross-Volume Move on APFS? If so, does this effectively double the write count (1GB download + 1GB copy-on-move)? PHPhotoLibrary Ingestion: When using PHAssetCreationRequest, does the system perform another 1:1 data copy of the source file into the assets database? Would this result in a 3rd GB of writing? Low Disk Space Impact: Given the device only had 3.85 GB free, does the system’s "low disk space" state (near the 150MB threshold) increase the overhead for metadata updates or physical write amplification that counts towards this limit? Best Practices: To stay within the daily 1GB budget for high-resolution media, is it recommended to call PHAssetCreationRequest directly using the location URL from didFinishDownloadingToURL to avoid intermediary copies? Are there any permission or lifecycle risks with this approach? Any insights from the Apple engineering team or the community on how to minimize the write footprint during high-speed ingestion would be highly appreciated. Best regards

Is it possible to read a custom, non-payment, ISO7816 AID on a multi-application smartcard that also has an active payment AID? I guess Apple Wallet may auto-detect the payment scheme and open, but this could be prevented if my app was already running in the foreground and scanning for the custom AID?

The M5 Pro does not connect to the Wi-Fi AP using RADIUS when NetworkExtension Activiate. The M1 and M2 Pro worked, but only the M5 Pro MacBook Pro did not work. If you deactivate NetworkExtension, it connects to the AP, and afterwards, it works even if you activate NetworkExtension.