Hi, I'm trying save and restore features of VZ Framework with saveMachineStateTo and restoreMachineStateFrom(vzvmsaveFilePath) with completionHandler. Saving feature works well without any errors, .vzvmsave file created on my local mac, but the problem occurs on restore. After creating VM with the same volume mounts I used to make .vzvmsave, restoreMachineStateFrom method sends error. Failed to load VM from .vzvmsave file with Error Domain=VZErrorDomain Code=12 UserInfo={NSLocalizedFailure=<private>, NSLocalizedFailureReason=<private>} Because Localized Failure and its reason are both 'private', I cannot get what exactly happened to this VM app. Only thing I know here is the Code of VZError but nobody summarized what exactly the error code means. Could anyone give me the list of VZError code list please?

Hi, I am using a compile version of binay file on MacOS 15.1 I run it as one user and try to become another user The binary is working on other Linux distrvtuions, but not in MacOS, it have setuid + setgid and the owner of the binary is root [ri-mac02:~] dvcm% ls -l /dv/sbtools/mca64/bin/wscho -rwsr-sr-x 1 root wheel 51826 Apr 7 12:47 /dv/sbtools/mca64/bin/wscho When running it failed on the following error: ri-mac02:~] dvcm% /dv/sbtools/mca64/bin/wscho alexr /dv/p4pusers05ri/alexr/alexr_ri_agile /dv/sbtools/mca64/bin/wscho: unable to set gid for user root [0] (Operation not permitted) Please help to address it Thanks, Amir

I tried to use the following code to get a virtual address within 4GB memory space int size = 4 * 1024; int flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_32BIT; void* addr = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0); I also tried MAP_FIXED and pass an address for the first argument of mmap. However neither of them can get what I want. Is there a way to get a virtual memory address within 4GB on arm64 on MacOS?

I'm trying to construct a URL that, when tapped, would launch Files app and open the Downloads folder on the iPhone (not in iCloud Drive). I know the URL scheme is shareddocuments but I can't figure out the path. I have tried a few things including writing a simple iOS app and using Scriptable app. But I always get a sandboxed path such as /private/var/mobile/Containers/Data/Application/87CC2F48-AF1C-4C80-8D75-B6CC1FC642E3/Downloads/. But that wouldn't work across devices. Does anyone happen to know the path or a method to obtain the non-sandboxed path? Thanks. PS I already figured out the Downloads folder in iCloud Drive, which is shareddocuments:///private/var/mobile/Library/Mobile%20Documents/com~apple~CloudDocs/Downloads. But what I need is the one on the iPhone.

Hello Apple Developer Community, We're implementing the PushToTalk framework as recommended. According to Apple engineers in previous forum responses : the framework allows your app to continue receiving push notifications even after your app is terminated or the device is rebooted. Implementation: We've properly implemented: Early initialization of PTChannelManager via channelManager(delegate:restorationDelegate:completionHandler:) Channel joining with requestJoinChannel(channelUUID:descriptor:) when foregrounded All required delegate methods Issue After a user force quits our app, PushToTalk functionality works briefly but fails after some time (minutes to hours). The system logs show: AudioSessionServerImpCommon.mm:105 { "action":"cm_session_begin_interruption", "error":"translating CM session error", "session":{"ID":"0x72289","name":"getcha(2958)"}, "details":{ "calling_line":997, "error_code":-12988, "error_string":"Missing entitlement" } } We suspect that entitlement after force-quitting the app, there's a permission cache that temporarily allows functionality, but once this cache is cleared, the features stop working. Without this entitlement, both audio playback and recording fail, completely breaking the PTT functionality. Questions Which specific entitlement is missing according to this error? Is there a permission caching mechanism that expires after force quit? How can we ensure reliable PTT operation after force quit as stated in documentation? This behavior contradicts Apple's guidance that PushToTalk should work reliably after termination. Any insights would be greatly appreciated. Thank you!

We have a launch daemon which can check for team identifier and some other signing information of any application on machine and match it with provided information to confirm the validity of the application/binary. We use SecStaticCodeCreateWithPath to read the signing information of the app/binary which works in most cases. However, for some third party daemon processes, the static code creation fails with error "Operation not permitted". We are having difficult time identifying why static code creation would fail specially when our process is running with root privileges. Can you please help us understand in what scenario can this API fail with this error? Can there be any process or rule which can deny creating static code of a process like endpoint security extensions/daemon? We are using default flags in SecStaticCodeCreateWithPath.

Apologies in advance for the long post. I'm new to HomeKit and Matter but not to development, I'm trying to write a SwiftUI app for my smart home to store all of my HomeKit and Matter setup barcodes along with other bits of information. The intention is to scan the QR codes with my App and then save that QR payload in a simple Database along with other manually entered device details. Example payloads: X-HM://00GWIN0B5PHPG <-- Eufy V120 HomeKit Camera MT:GE.01-C-03FOPP6B110 <-- Moes GU10 Matter Bulb I have it 99% working, my app is even able to discern the manual pairing code from the above payloads. However one of the key feature of this is that I want to open a device entry in my app and tap the HomeKit or Matter code displayed in my app and and either: a) Ideally pass it off to the Apple Home app to initiate pairing just like the native Camera App can. b) Create a custom flow in my app using the HomeKit or Matter API's to initiate paring from within my app. So ideally just like the flow that happens when you scan a setup QR with the normal camera and tap "Open in Home". However I want to trigger this flow with just knowing the Payload and not with scanning it via the camera. I was hoping there might be something as simple as a URL scheme that I could call with the payload as a variable and it then deep links and switches to the Home app, but I haven't found any info relating to this that actually works. This is some code I have tried with the HomeKit API but this also results in an error: import HomeKit func startHomePairing(with setupCode: String) { // Handle HomeKit setup guard let payload = HMAccessorySetupPayload(url: URL(string: setupCode)!) else { print("Invalid HomeKit setup code or format.") return } let setupRequest = HMAccessorySetupRequest() setupRequest.payload = payload let setupManager = HMAccessorySetupManager() // Perform the setup request and handle the result setupManager.performAccessorySetup(using: setupRequest) { result, error in if let error = error { // Error handling: print the error details print("Error starting setup: \(error.localizedDescription)") // Print more details for debugging print("Full Error: \(error)") } else { // Success: pairing was successful print("Successfully launched Home app for HomeKit setup.") } } } But when passing in the QR payloads above it give the following .. HomeKit Code [0CAB3B05] Failed to perform accessory setup using request: Error Domain=HMErrorDomain Code=17 "(null)" Matter Code Failed to create HMSetupAccessoryPayload from setup payload URL MT:GE.01-C-03FOPP6B110: Error Domain=HMErrorDomain Code=3 "(null)" I have added the "HomeKit" and "Matter Allow Setup Payload" capabilities to my app, I have also ensured I have these in the .plist .. <key>NSHomeKitUsageDescription</key> <string>Access required to HomeKit to initiate pairing for new accessories</string> I also added a call to ensure my app appears in the Settings / Privacy / HomeKit section. I originally thought was a seemingly simple task, but I am really struggling with how to make it work!

My team has developed an app with a Matter commissioner feature (for own ecosystem) using the Matter framework on the MatterSupport extension. Recently, we've noticed that commissioning Matter devices with the MatterSupport extension has become very unstable. Occasionally, the HomeUIService stops the flow after commissioning to the first fabric successfully, displaying the error: "Failed to perform Matter device setup: Error Domain=HMErrorDomain Code=2." (normally, it should send open commissioning window to the device and then add the device to the 2nd fabric). The issue is never seen before until recently few weeks and there is no code changes in the app. We are suspected that there is some data that fail to download from the icloud or apple account that cause this problem. For evaluation, we tried removing the HomeSupport extension and run the Matter framework directly in developer mode, this issue disappears, and commissioning works without any problems.

Hi all, I’m building an iOS app where I need to determine user picked files or folders using UIDocumentPickerViewController, whether the selected item is synced or managed by a cloud storage provider such as: Google Drive iCloud Drive OneDrive Dropbox or any third-party File Provider extension My intent is to detect this and optionally warn the user that the item may be subject to syncing behavior. So far, I’ve tried a few different approaches: Extended Attributes (listxattr / getxattr) While this does not give reliable outcome. Heuristically search for keywords like 'Drive', 'GoogleDrive' etc But this is also not reliable. Question Is there any possible reliable and documented way to detect programmatically if a file/folder is cloud-synced or managed by a File Provider from within a regular iOS app (not an extension), especially for: Google Drive OneDrive Dropbox iCloud Other third-party providers? Also, is there any recommended fallback strategy for iOS versions prior to 17 where NSFileProviderManager may have limitations? Any input from Apple engineers or those who have tackled this would be hugely appreciated! Thanks in advance 🙌

I am using macOS virtualization farmework and able to create nad and run VMS. I need to resize the disk images using hdiutil in app sandbox environment. Is that possible? i tried disabling sandbox and it worked ok. But with sandbox i get the error message device is not configured. If this cant be done in sandbox what could be the alternative way to to achive this in sandboxed app. thanks

Is there a delay or problem at the OS end during subsequent jack connections if IOS is running a Bluetooth and beacon connection and it stays without a connection for a few hours?

We have an enterprise mac OS X application which uses the UserDefaults to store the onboarding states. The strange part here is that the newly installed mac OS X app is still be able to access the UserDefalus data of removed application. Because of this, the application never becomes as a freshly installed app. Is it any limitation to Enterprise mac OS X apps? Could you please provide us the resolution for this issue.

I have installed the following configuration profile: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDisplayName</key> <string>Enable Private Data Logging for Unified Logging</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>com.apple.system.logging.2BFB8109-8829-4020-AEB7-BA21761AE50C</string> <key>PayloadType</key> <string>com.apple.system.logging</string> <key>PayloadUUID</key> <string>2BFB8109-8829-4020-AEB7-BA21761AE50C</string> <key>PayloadVersion</key> <integer>1</integer> <key>System</key> <dict> <key>Enable-Private-Data</key> <true/> </dict> </dict> </array> <key>PayloadDisplayName</key> <string>Enable Private Logging Data</string> <key>PayloadIdentifier</key> <string>Kentzo-Macbook.D000DF5D-AE7A-4D22-B1DC-8F9CD71A2DD2</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>1CF75441-D3C2-4E5B-B36A-394C397E8529</string> <key>PayloadVersion</key> <integer>1</integer> <key>ConsentText</key> <dict> <key>default</key> <string>Warning: Installing this profile will enable private data logging for all of unified logging.</string> </dict> </dict> </plist> But both Console.app and log show values like <mask.hash: 'Z9xIxlLTn0KlWPUjmpOSkg=='> for the com.apple.mDNSResponder subsystem. What do I need to do to reveal this information?

I have developed an app to create and run virual machines using mac os virtualization framework for apple siicon and intel macs. I have tried ubuntu, fedora, debian & linux mint distros and they all worked fine with intel macs. But when i try to run other distros like mx linux, manjaro, pop os, endevour os etc on intel mac they all on booting iso just shows the black screen. is there any list of officilay support linux distros for intel macs and apple silicon. the support of linux distros are fairly limited or am i missing something.

It seems like this is not supported in the Simulator because when I run my Unit tests and I try to read protection key-value the value is always nil, even if I set the data protection level when I write the file. On device this key returns the expected value. Is it possible to have the simulator support the data protection classes to run my unit tests? FYI Im testing on iOS

We’re receiving increasing user reports that our macOS app is unexpectedly terminated in the background—without crash reports or user action. Our app is a sandboxed status-bar app (UIElement, NSStatusItem) running continuously, syncing data via CloudKit and Core Data. It has no main window unless opened via the status bar. Observed patterns: Happens more frequent on macOS 15 (Sonoma), though earlier versions are affected too. Often occurs when disk space is limited (~10% free), but occasionally happens with ample free space. System logs consistently show: CacheDeleteAppContainerCaches requesting termination assertion for &lt;our bundle ID&gt; No crash reports are generated, indicating macOS silently terminates our app, likely related to RunningBoard or CacheDelete purging caches during disk pressure. Since our app is meant to run persistently, these silent terminations significantly disrupt user experience. We’re seeking guidance on: Can we prevent or reduce these terminations for persistently running status bar apps? Are there recommended APIs or configurations (e.g., NSProcessInfo assertions, entitlements, LaunchAgents) to resist termination or receive notifications under low disk conditions? What are Apple’s best practices for ensuring sandboxed apps reliably run during disk pressure? We understand macOS terminates apps to reclaim space but would appreciate recommendations to improve resilience within platform guidelines. Thank you!

I've enjoyed using an existing app to connect over BLE to a camera which allows for photo transfer. For some reason though early on in iOS 18, it seems the bluetooth advertising name was corrupted. As a result, the camera no longer connects to the app. I've checked on another phone that the camera connects. I was wondering how to go about clearing the bluetooth cache or maybe specifically the BLE cache. The existing app developer is non responsive and I'm assuming the issue will never be fixed. I was planning on clearing the cache within my own personal unreleased app. Just wondering if there's any cache clearing API.

Hello all, I'm the developer of REHex, a hex editor which I have been distributing as an app bundle outside of the app store for a few years. REHex allows assigning various bits of metadata (comments, data types, etc) which get stored as filename.rehex-meta alongside the original filename, this works fine when the app is just a standalone bundle, however, when distributed via the app store, sandboxing seems to be mandatory, and there doesn't appear to be any obvious way to get permission to read/write such files. As fallbacks, I've considered adding support for storing the metadata as an extended attribute instead (which breaks compatibility, and won't translate when the file is on a FAT/etc filesystem or network share), or popping up the save/load dialog a second time for the user to select a .rehex-meta file, adding it to the list of whitelisted files for the application (keeps compatibility, but UX is clunky). Are there any ways I can work around this, or perhaps other methods I should consider for storing the metadata in an Apple-tolerant manner? Thanks

Works: runs-on: ubuntu-24.04-arm container: image: ubuntu:latest env: DEBIAN_FRONTEND: noninteractive steps: - uses: actions/checkout@v4 - run: | apt-get --assume-yes update apt-get --assume-yes install linux-image-generic dracut binutils - run: | dracut --conf $(mktemp) \ --confdir $(mktemp --directory) \ --verbose \ --modules "base bash" \ --add-drivers "virtio-rng bcachefs btrfs virtiofs overlay xfs" \ --kernel-cmdline "console=hvc0" \ --no-early-microcode \ --no-hostonly \ --no-compress \ --no-uefi \ initramfs \ $(ls /lib/modules/) - run: | cp /boot/vmlinuz-$(ls /lib/modules/) vmlinuz - uses: actions/upload-artifact@v4 with: path: | vmlinuz initramfs Will NOT work: runs-on: ubuntu-24.04-arm container: image: ubuntu:latest env: DEBIAN_FRONTEND: noninteractive steps: - uses: actions/checkout@v4 - run: | apt-get --assume-yes update apt-get --assume-yes install linux-image-generic-64k dracut binutils - run: | dracut --conf $(mktemp) \ --confdir $(mktemp --directory) \ --verbose \ --modules "base bash" \ --add-drivers "virtio-rng bcachefs btrfs virtiofs overlay xfs" \ --kernel-cmdline "console=hvc0" \ --no-early-microcode \ --no-hostonly \ --no-compress \ --no-uefi \ initramfs \ $(ls /lib/modules/) - run: | cp /boot/vmlinuz-$(ls /lib/modules/) vmlinuz - uses: actions/upload-artifact@v4 with: path: | vmlinuz initramfs You can try it on Github Actions

Hi everyone, I'm facing an issue where I cannot write a file to a shared App Group container in my tvOS app when running on a real device. My code works perfectly on the simulator, but fails on a physical device with a permissions error. I’ve set up an App Group with a custom identifier (e.g., group.<my.identifier>), and it’s correctly configured in the Capabilities section of Xcode for both my main app and widget targets. Here’s the code I’m using to save a test file: func saveTestFile() { guard let groupURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: "group.<my.identifier>") else { print("Couldn't access the Group URL.") return } let containerURL = groupURL.appendingPathComponent("Library", isDirectory: true) if FileManager.default.isWritableFile(atPath: containerURL.path) { print("Directory IS writable") } else { print("Directory IS NOT writable") } let fileURL = containerURL.appendingPathComponent("test.txt") let content = "Hello App Group!" do { try content.write(to: fileURL, atomically: true, encoding: .utf8) print("File test.txt is saved at: \(fileURL.path)") } catch { print("Error while saving the file: \(error)") } } Console: Directory IS NOT writable Error while saving the file: Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “test.txt” in the folder “”." UserInfo={NSFilePath=/private/var/mobile/Containers/Shared/AppGroup//Library/test.txt, NSURL=file:///private/var/mobile/Containers/Shared/AppGroup//Library/test.txt, NSUnderlyingError=0x14387fbe0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}} I’ve tried saving the file in different subdirectories within the App Group container: Directly in groupURL (root of the container). In groupURL.appendingPathComponent("Library"). In groupURL.appendingPathComponent("Caches"). Do you have any ideas what is the problem? Thanks in advance for any help!