> On Aug 6, 2017, at 14:59, Ryan Schmidt <ryandes...@macports.org> wrote:
>> On Aug 4, 2017, at 20:36, Richard L. Hamilton <rlha...@smart.net> wrote:
>> Some notes of mine on /usr/local:  I can't avoid /usr/local entirely, since 
>> VirtualBox and Parallels install their command line tools there.
> Those probably won't cause problems for MacPorts.
>> But I can move /usr/local out of the way, for the duration of MacPorts 
>> builds, as necessary.  More precisely, with System Integrity Protection 
>> turned off, I moved /usr/local elsewhere (not in /usr, which is mostly 
>> protected), and replaced it with a symlink to the new location.  That way, I 
>> can rename what the symlink points to, without necessarily needing to leave 
>> SIP turned off.
> Grumble... I didn't realize SIP would prevent renaming /usr/local. That's 
> inconvenient.

sh-3.2$ ls -ldO /usr
drwxr-xr-x@ 16 root  wheel  restricted,hidden 544 May  4 09:08 /usr

The "restricted" flag indicates a file or directory is protected by SIP, AFAIK.

Also, in /System/Library/Sandbox/rootless.conf, there are (among others) the 
*                               /usr/libexec/cups
*                               /usr/local
*                               /usr/share/man
*                               /usr/share/snmp

where the lines not preceded by an asterisk are protected, and the lines that 
are preceded by an asterisk are exceptions to that protection.  Perhaps one 
could rename /usr/local out of /usr altogether, and then back; I never tried 
that with CSR enabled.  But I doubt one could e.g..  mv /usr/local 

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to