launcher icon indicating copy to clipboard operation
launcher copied to clipboard
verified publisher icon kolide

macOS Sequoia `Access Local Network` prompt

Open directionless opened this issue 1 year ago • 1 comments

We're hearing reports that the new macOS Sequoia beta is causing prompts about Allow osquery to find devices on local networks This would be a horrific customer experience, and we need to understand more about what's happening...

  1. AFAIK this should only apply to things running in user context and accessing the network
  2. We run osquery in launchd context
  3. Except for screenlock, is that's what's happening?
  4. We run launcher in usercontext for the menu
  5. An Apple friend tells me there's an occasional bug where this triggers for launchd contexts

Threads:

  • https://onepassword.slack.com/archives/C06KP4H82JH/p1723583314739589
  • https://forums.developer.apple.com/forums/thread/663858

directionless avatar Aug 19 '24 20:08 directionless

Reproducing the popup

Upgrade to Sequoia Beta. You will get the popup after upgrade.

To trigger the popup again, uninstall launcher, reboot the machine, and reinstall launcher.

In Privacy & Security => Local Network, you can see osquery is allowed or disallowed depending on how you responded to the prompt.

Actions that do NOT reproduce the popup

  1. Unloading and reloading launcher
  2. Refreshing all checks
  3. Querying the screenlock and curl tables via launcher interactive
  4. Uninstalling and reinstalling launcher without a reboot in between
  5. tccutil reset All io.osquery.agent (even with a reboot)

I have not yet found an actual consequence for selecting "Don't Allow". No error logs (osquery, launcher, or in the Console), and no missing data when running checks.

RebeccaMahany avatar Aug 21 '24 20:08 RebeccaMahany

I think Apple resolved this

directionless avatar Jul 29 '25 18:07 directionless