> On Aug 6, 2017, at 14:59, Ryan Schmidt <[email protected]> wrote: > > >> On Aug 4, 2017, at 20:36, Richard L. Hamilton <[email protected]> wrote: >> >> Some notes of mine on /usr/local: I can't avoid /usr/local entirely, since >> VirtualBox and Parallels install their command line tools there. > > Those probably won't cause problems for MacPorts. > >> But I can move /usr/local out of the way, for the duration of MacPorts >> builds, as necessary. More precisely, with System Integrity Protection >> turned off, I moved /usr/local elsewhere (not in /usr, which is mostly >> protected), and replaced it with a symlink to the new location. That way, I >> can rename what the symlink points to, without necessarily needing to leave >> SIP turned off. > > Grumble... I didn't realize SIP would prevent renaming /usr/local. That's > inconvenient. >
sh-3.2$ ls -ldO /usr
drwxr-xr-x@ 16 root wheel restricted,hidden 544 May 4 09:08 /usr
The "restricted" flag indicates a file or directory is protected by SIP, AFAIK.
Also, in /System/Library/Sandbox/rootless.conf, there are (among others) the
lines:
/usr
* /usr/libexec/cups
* /usr/local
* /usr/share/man
* /usr/share/snmp
where the lines not preceded by an asterisk are protected, and the lines that
are preceded by an asterisk are exceptions to that protection. Perhaps one
could rename /usr/local out of /usr altogether, and then back; I never tried
that with CSR enabled. But I doubt one could e.g.. mv /usr/local
/usr/local.hold
signature.asc
Description: Message signed with OpenPGP
