With OS X 10.11 coming out in the fall does anyone plan on trying to support 10.11 on launch day? Does anyone know how Bigfix is going to work with Rootless or if it will affect Bigfix client at all?
That is a great question. It should work but some lower level items may have to be re-engineered to use OSX interfaces instead of direct system access.
Peter
The existing 9.2.5 agent seems to run and identify itself OK.
That’s good to hear from someone else 
So does 9.2.5 have unofficial goodness for 10.11?
Not 100% sure yet. There are edge cases in every release. And of course the nickname part isn’t there
Just a quick follow up. 10.11 is coming out in 2 weeks. Just wanted to know if more is known at this time regarding support of it for the BigFix agent. atlauren mentioned 9.2.5 agent seems to run fine on it. Anyone have any problems they have to report for 9.2.5 on Max OS X 10.11?
1 Like
I’ve noticed in 10.11 build 15A282b (GM Seed), the BigFix client UI (agent version 9.2.5.130) will not load. BigFix logs show it trying to load a couple of times, failing, and then a message that it will try again in 24 hours.
There are also a lot of sandboxd system policy deny errors for BESAgent (deny mach-priv-task-port)
There is an immense amount of privileges that changed between the Beta 7 and the GM seed so we’re still absorbing all the changes.
bump
Are there any updates on this we just upgrade to 9.2.
Just wanted to chime in here – agent version 9.2.5 does not appear to work for us. You can’t launch the UI. A daemon appears to be running in the background and is checking in with the main server, but it doesn’t appear to be able to run any actions.
sorry for the confusion on my last deleted reply. i saw an RFE on el capitan support and mistakenly thought it was for bigfix but on second look, it was not.
ive been seeing similar behavior to jdeangelis where the services are not showing up as running but the agent is checking in to the parent server and console.
in my tests, the services took awhile to start running and checking into the console. but after that, i was able to send tasks and fixlets, which so far have been successfully running, although most of them are basic ones. at least it gives some hope that we can use console actions to update the agents on macs running el capitan. the triggerclientui does not open still and says the services are not running, so there are definitely some issues still happening.
Apple has made some radical changes to El Capitan!
Not surprising that a tool like BigFix would have trouble when the OS permissions are changed like this. According to the article, there may be a way to revert the Root access. Has anyone tried that?
Hey Tim,
Check out these resources about SIP. Deals with configuration and management of SIP.
Hope this answers your question.
SIP basically locks down unix-y locations and forces user/third-party installs to /usr/local or /opt. You can’t shove stuff in to /bin or /usr/bin any more. However, BigFix is in /opt and /Library/Application support, so I don’t see that being a problem.
@AlanM, what’s y’all’s take on SIP?
SIP is definitely annoying and we are working on getting around it.
I opened a PMR with IBM support for El Capitan compatibility a couple of weeks ago. They replied that they’re expecting BF v9.2.6 to be released by the end of November, which will be El Capitan compatible, although all is subject to change. Maybe we’ll hear more at the BF user group meeting this week though.
2 Likes
That is probably the case, though it would be @AlanM we’d hear from about it at the BigFix User Group Meeting.
@AlanM It would be interesting if you have some thoughts on El Cap compatibility challenges for the user group meeting, as well as BigFix Mac support in general.
Hopefully I passed on enough of my distaste for SIP
That being we are working around it.
@AlanM, it was extraordinarily valuable to get your perspective.
Thanks again for attending, and sharing.