Method: ChefConfig::PathHelper.is_sip_path?

Defined in:
lib/chef-config/path_helper.rb

.is_sip_path?(path, node) ⇒ Boolean

Determine if the given path is protected by macOS System Integrity Protection.

Returns:

  • (Boolean) 


299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
 
# File 'lib/chef-config/path_helper.rb', line 299

def self.is_sip_path?(path, node)
  if ChefUtils.macos?
    # @todo: parse rootless.conf for this?
    sip_paths = [
      "/System", "/bin", "/sbin", "/usr"
    ]
    sip_paths.each do |sip_path|
      ChefConfig.logger.info("#{sip_path} is a SIP path, checking if it is in the exceptions list.")
      return true if path.start_with?(sip_path)
    end
    false
  else
    false
  end
end