Follow

sudo rm -rf /System/Applications/News.app

rm: /System/Applications/News.app: Operation not permitted

If sudo <command> results in an “Operation not permitted” error, it’s not your computer.

PS. Dear fediverse, no need to suggest alternatives, my daily driver is a StarLabs LabTop running @elementary and I dev cross-platform/web apps that I need to test on macOS and Windows also. Thank you.

@aral You need to disable SIP to screw around in System.
howtogeek.com/230424/how-to-di

It's your computer, but they made it more difficult to fuck it up completely.

@mdhughes Ah, right, and I guess it was just an arbitrary decision – nothing monopolistic at all – to put News.app under System while, say, Numbers and Pages are happy to live in /Applications… so if I want to delete an app that brings Apple revenue, I need to actively render my system unsafe to do it. (Not going to try it because I’m not even sure it won’t actually fuck something else up on this damned machine.)

@aral I've disabled SIP (temporarily), it's fine. It is obnoxious that News is there instead of Applications, but it's not unremovable.

@mdhughes Well, clearly, given that it’s apparently not even installed on Macs in jurisdictions where it’s not supported :)

@aral definitely a long shot, but what if you run chattr -i on it? On linux rm can fail as root with the same error if the file is marked as immutable, and that command should remove immutability.

@robby Apparently you can remove it if you disable System Integrity Protection… 🙄

@aral Not necessarily, SELinux or AppArmor could do the same, or the absence of CAP_DAC_OVERRIDE . But yes, let's not talk about corner cases ^^

@sheogorath @aral was about to mention selinux. Of course, you have the *choice* to run selinux.

@doenietzomoeilijk Not comparable to SIP…

With SELinux, the admin can write their own SELinux policies, and managing roles, to set their system as they need… There's isn't any 3rd party forcing their policies upon your system.

Meaning if you need to do a certain task (e.g. authorising a process to access a certain directory, assigning a role to a user…), you don't have to *disable* SELinux. As the admin, you can configure SELinux to allow you to do so.

@sheogorath @aral

@doenietzomoeilijk Unlike SIP, SELinux lets the admin do legitimate tasks on their own system, without having to lose the benefits of using SELinux…

@sheogorath @aral

@devnull @sheogorath @aral oh, I'm aware of the differences, it's just that selinux can catch you off guard with not allowing sudo'd activities if it's not set up correctly (or if you're trying to do something you shouldn't).

It's definitely different from sip in other respects.

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!