os_world_writable_system_folder_configure borken since Sonoma 14.4 #103

New Issue

Closed

opened 2026-01-19 18:29:14 +00:00 by michael · 2 comments

michael commented 2026-01-19 18:29:14 +00:00

Owner

Copy Link

Originally created by @borrelm on GitHub.

Summary

Since Sonoma 14.4, os_world_writable_system_folder_configure check and remediation are not appropriate anymore as it appears there are new items world writable for which permissions cannot be change

Steps to reproduce

On a freshly install Sonoma 14.4 run
sudo /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -v "downloadDir" | /usr/bin/wc -l | /usr/bin/xargs
See that result is not 0 (it is 12 on a system that was previously compliant)
Run
sudo /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -v "downloadDir"
and see that new items are now catched by this

73326674        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks
73326675        0 drwxrwxrwx    7 root             wheel                 224  9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework
73327334        0 drwxrwxrwx    3 root             wheel                  96  9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform
73435127        0 drwxrwxrwx    5 root             wheel                 160  9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks
73334748        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding
73334749        0 drwxrwxrwx    5 root             wheel                 160  9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks
73331399        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides
73331400        0 drwxrwxrwx    5 root             wheel                 160  9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks
73327928        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog
73327929        0 drwxrwxrwx    5 root             wheel                 160  9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks
73326676        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy
73326677        0 drwxrwxrwx    5 root             wheel                 160  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks

Try to remediate by running standard remediation

IFS=$'\n'
for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "downloadDir" ); do
  /bin/chmod -R o-w "$sysPermissions"

get the following errors :

chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted

Operating System version

MacOS Sonoma 14.4 Build 23E214

Intel or Apple Silicon

Silicon Mac. Maybe on Intel too, idk

What is the current bug behavior?

Permissions are not change to comply with standard

What is the expected correct behavior?

Either permissions should be change in some other way or the check should be changed to accept "12" as result

Relevant logs and/or screenshots

sudo /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -v "downloadDir"

73326674        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks
73326675        0 drwxrwxrwx    7 root             wheel                 224  9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework
73327334        0 drwxrwxrwx    3 root             wheel                  96  9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform
73435127        0 drwxrwxrwx    5 root             wheel                 160  9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks
73334748        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding
73334749        0 drwxrwxrwx    5 root             wheel                 160  9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks
73331399        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides
73331400        0 drwxrwxrwx    5 root             wheel                 160  9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks
73327928        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog
73327929        0 drwxrwxrwx    5 root             wheel                 160  9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks
73326676        0 drwxrwxrwx    3 root             wheel                  96  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy
73326677        0 drwxrwxrwx    5 root             wheel                 160  9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks

Output of checks

IFS=$'\n'
for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "downloadDir" ); do
  /bin/chmod -R o-w "$sysPermissions"

get the following errors :

chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted
chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)

Originally created by @borrelm on GitHub. ### Summary Since Sonoma 14.4, os_world_writable_system_folder_configure check and remediation are not appropriate anymore as it appears there are new items world writable for which permissions cannot be change ### Steps to reproduce On a freshly install Sonoma 14.4 run `sudo /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -v "downloadDir" | /usr/bin/wc -l | /usr/bin/xargs` See that result is not 0 (it is 12 on a system that was previously compliant) Run `sudo /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -v "downloadDir"` and see that new items are now catched by this ``` 73326674 0 drwxrwxrwx 3 root wheel 96 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks 73326675 0 drwxrwxrwx 7 root wheel 224 9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework 73327334 0 drwxrwxrwx 3 root wheel 96 9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform 73435127 0 drwxrwxrwx 5 root wheel 160 9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks 73334748 0 drwxrwxrwx 3 root wheel 96 9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding 73334749 0 drwxrwxrwx 5 root wheel 160 9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks 73331399 0 drwxrwxrwx 3 root wheel 96 9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides 73331400 0 drwxrwxrwx 5 root wheel 160 9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks 73327928 0 drwxrwxrwx 3 root wheel 96 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog 73327929 0 drwxrwxrwx 5 root wheel 160 9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks 73326676 0 drwxrwxrwx 3 root wheel 96 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy 73326677 0 drwxrwxrwx 5 root wheel 160 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks ``` Try to remediate by running standard remediation ``` IFS=$'\n' for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "downloadDir" ); do /bin/chmod -R o-w "$sysPermissions" ``` get the following errors : ``` chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted ``` ### Operating System version MacOS Sonoma 14.4 Build 23E214 ### Intel or Apple Silicon Silicon Mac. Maybe on Intel too, idk ### What is the current *bug* behavior? Permissions are not change to comply with standard ### What is the expected *correct* behavior? Either permissions should be change in some other way or the check should be changed to accept "12" as result ### Relevant logs and/or screenshots `sudo /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -v "downloadDir"` ``` 73326674 0 drwxrwxrwx 3 root wheel 96 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks 73326675 0 drwxrwxrwx 7 root wheel 224 9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework 73327334 0 drwxrwxrwx 3 root wheel 96 9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform 73435127 0 drwxrwxrwx 5 root wheel 160 9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks 73334748 0 drwxrwxrwx 3 root wheel 96 9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding 73334749 0 drwxrwxrwx 5 root wheel 160 9 mar 00:24 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks 73331399 0 drwxrwxrwx 3 root wheel 96 9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides 73331400 0 drwxrwxrwx 5 root wheel 160 9 mar 00:22 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks 73327928 0 drwxrwxrwx 3 root wheel 96 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog 73327929 0 drwxrwxrwx 5 root wheel 160 9 mar 12:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks 73326676 0 drwxrwxrwx 3 root wheel 96 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy 73326677 0 drwxrwxrwx 5 root wheel 160 9 mar 00:21 /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks ``` ### Output of checks ``` IFS=$'\n' for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -v "downloadDir" ); do /bin/chmod -R o-w "$sysPermissions" ``` get the following errors : ``` chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.uaf.platform/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.understanding.nl.overrides/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.dialog/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted chmod: Unable to change file mode on /System/Volumes/Data/System/Library/AssetsV2/locks/com.apple.UnifiedAssetFramework/com.apple.siri.findmy/shared_locks: Operation not permitted ``` ### Possible fixes (If you can, link to the line of code that might be responsible for the problem)

michael closed this issue 2026-01-19 18:29:15 +00:00

michael commented 2026-01-19 18:29:15 +00:00

Author

Owner

Copy Link

@golbiga commented on GitHub:

@borrelm this was addressed in #355. The new check fix takes into account the locks folder. You can either pull down the changes or adjust your script accordingly.

Check:

/usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -vE "downloadDir|locks" | /usr/bin/wc -l | /usr/bin/xargs

Fix:

IFS=$'\n'
  for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -vE "downloadDir|locks" ); do
    /bin/chmod -R o-w "$sysPermissions"
  done

@golbiga commented on GitHub: @borrelm this was addressed in #355. The new check fix takes into account the `locks` folder. You can either pull down the changes or adjust your script accordingly. Check: ``` /usr/bin/find /System/Volumes/Data/System -type d -perm -2 -ls | /usr/bin/grep -vE "downloadDir|locks" | /usr/bin/wc -l | /usr/bin/xargs ``` Fix: ``` IFS=$'\n' for sysPermissions in $( /usr/bin/find /System/Volumes/Data/System -type d -perm -2 | /usr/bin/grep -vE "downloadDir|locks" ); do /bin/chmod -R o-w "$sysPermissions" done ```

michael commented 2026-01-19 18:29:15 +00:00

Author

Owner

Copy Link

@borrelm commented on GitHub:

My bad 😣
Thanks @golbiga !

@borrelm commented on GitHub: My bad 😣 Thanks @golbiga !

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev_2.0_generate_mapping

dev_2.0

sequoia

sonoma

nist-pages

nist-pages-docs

ios_18

ios_26

ios_26_cmmc

dev_2.0_compliance_script

tahoe

visionos_26

dev_ios_26_stig

dev_visionOS_26_stig

dev_tahoe_adjustments

ios_17

dev_sequoia_bio

tahoe_578-typo-in-os_sshd_fips_compliantyaml-fix-code

ventura

ios_16

visionos_2

505-create-python-scp-library

monterey

big_sur

catalina

tahoe_rev2

sequoia_rev4

visionos26_rev2

ios26_rev2

tahoe_rev1

visionos26_rev1

ios26_rev1

sonoma_rev5

sequoia_rev3

ios18_rev3

ios17_rev4

ventura_rev6

sonoma_rev4

sequoia_rev2

visionos_rev2

ios18_rev2.0

ios16_rev4

sequoia_rev1.1

ventura_rev5.1

ios18_rev1.1

sonoma_rev3.1

sequoia_rev1

visionos_rev1

ios18_rev1

ios17_rev3

ios16_rev3

ventura_rev5

sonoma_rev3

ventura_rev4

sonoma_rev2

ios17_rev2

ios16_rev2

monterey_rev6

sonoma_rev1

ventura_rev3

monterey_rev5

ios16_rev1

ios17_rev1

big_sur_rev7

monterey_rev4

ventura_rev2

ventura_rev1.1

monterey_rev3.1

big_sur_rev6.1

ventura_rev1

monterey_rev3

big_sur_rev6

monterey_rev2

catalina_rev6

big_sur_rev5

monterey_rev1

big_sur_rev4

catalina_rev5

big_sur_rev3

catalina_rev4

big_sur_rev2

catalina_rev3

big_sur_rev1

catalina_rev2

catalina_rev1

v0.9

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

michael

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: usnistgov/macos_security#103