[New-bugs-announce] [issue32347] System Integrity Protection breaks shutil.copystat()

Ryan Govostes report at bugs.python.org
Sat Dec 16 11:45:01 EST 2017

New submission from Ryan Govostes <rgovostes+python at gmail.com>:

On macOS, shutil.copystat() uses chflags() to try to copy filesystem flags from the source to destination.

In recent years, Apple introduced System Integrity Protection, which prevents modification of system files. These files have the non-standard SF_RESTRICTED flag set, which only the superuser can set.

Thus, unprivileged users can no longer use shutil.copy2() et al. to copy system files, which is a regression from previous releases of the OS.

It's unclear what the correct behavior should be: It some cases, it would be desirable to attempt to copy the bit.

It might be informative to look at the behavior of Apple's `copyfile_stat` function, which unsets these two flags:

    * File flags that are not preserved when copying stat information.


This was also filed to Apple as rdar://36090921

components: macOS
messages: 308479
nosy: Ryan Govostes, ned.deily, ronaldoussoren
priority: normal
severity: normal
status: open
title: System Integrity Protection breaks shutil.copystat()
type: behavior
versions: Python 3.6

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list