Hi, On Tue, May 24, 2022 at 10:01:09AM -0700, Ken Cunningham wrote: > That comes right from Iain - here's the relevant gcc ticket I believe: > > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88590 > > I'm sure Iain would be delighted to find a way around this.
MacPorts works around this by making a copy of the binary to be executed, stripping the SIP flag, and transparently running this copy. See [1]. Re-using this solution in GCC would additionally require interposing the execve(2) and posix_spawn(2) syscalls. We have code to do that available in MacPorts at [2]. I'm not sure whether Iain would want to port this solution, though. On the other hand, it has been working reasonably well since 10.11 (except for a fix recently required to restore it from abysmal performance because Apple broke their API [3] and a few resource leak fixes [4]). HTH, Clemens [1]: https://github.com/macports/macports-base/blob/master/src/pextlib1.0/sip_copy_proc.c#L473-L479 [2]: https://github.com/macports/macports-base/blob/master/src/darwintracelib1.0/proc.c#L247-L287 [3]: https://github.com/macports/macports-base/commit/3b949ccfe7a309bce1cc7041cdf56871890b784d [4]: https://github.com/macports/macports-base/commit/f1391cfaea525f57e82b5cbe3dce6b0a782325bb