Pete Markowsky

Hi, First off thanks for the bug report. I'm trying to reproduce and running into similar things. Just running `go test` inside a simple package and with compiler rules for...

Ok, digging into this more. Looking at the logs with `/usr/bin/log --predicate 'sender=="com.google.santa.daemon"` to see if we're creating the transitive rules is showing that in the first case we're only...

@Ryxias for right now I'd say your fastest work around would be to use the `AllowedPathRegex`. I've been seeing some of the close events showing up as not-modified from the...

Ok, tracked this down. Endpoint security framework incorrectly sets the modified flag for es_event_close_t events to false for files that were written via mmap/msync as unmodified. [test.c.gz](https://github.com/google/santa/files/7003147/test.c.gz) See the attached...

I've filed an issue with Apple's Feedback assistant they've given it identifier, FB9535577.

At this point I think this is blocked by #744.

Just listing things off the top of my head that we should add to docs: - [ ] How to setup your own environment (bootstrapping with your own dev certs)....

- [ ] Using ESF vs. the KEXT.

We should also document the sync server protocol.

For background, at Google we're using Monarch to monitor our agents specifically CPU/memory usage, look for crash loops and other reliability metrics. Having the Santa integrated helps us find issues...