PPPC Privacy permissions - munki/munki GitHub Wiki

macOS Ventura added yet another "Privacy" protection: "App Management". This feature can interfere with Munki's ability to install and update software.

With Munki 6.3 and later, it is recommended to use MDM to install a PPPC/TCC profile granting either App Management or Full Disk Access rights to /usr/local/munki/managedsoftwareupdate. Full Disk Access is currently the recommended choice, as it should cover almost every PPPC protection a third-party installer might trigger, now and for the foreseeable future.

It's best if managedsoftwareupdate is signed by a Developer ID. (If it's not signed, you'll need to update your PPPC/TCC profile every time there's a new release of Munki, as the cdhash will change.)

Releases of Munki signed by MacAdmins Open Source are available here: https://github.com/macadmins/munki-builds/releases. Using these signed releases avoids the need to update the PPPC/TCC profile for each release, because the CodeRequirement pins the signing identity rather than a per-build cdhash.

You can also build and sign Munki with your own developer identity. See Building Munki Packages for more info.

Permission types

Choose one of the two following Privacy policies:

Full Disk Access: SystemPolicyAllFiles

App Management: SystemPolicyAppBundles

Details needed for building a configuration profile

Identifier (Path): /usr/local/munki/managedsoftwareupdate

You'll need the "CodeRequirement" for /usr/local/munki/managedsoftwareupdate. It can be obtained with codesign -dr - /usr/local/munki/managedsoftwareupdate. You want the string following designated => in codesign's output (the rest of that line; the Executable= line is printed separately on stderr).

Munki 6.x

If you are using the release signed by MacAdmins Open Source, the CodeRequirement currently is as follows (for Munki 6.x):

identifier munkishim and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = T4SK8ZXCXG

Munki 7

Munki 7 changes the identifier for /usr/local/munki/managedsoftwareupdate, and the CodeRequirement for the release signed by MacAdmins Open Source is:

identifier managedsoftwareupdate and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = T4SK8ZXCXG

A CodeRequirement that works for both Munki 6 and Munki 7 is:

(identifier munkishim or identifier managedsoftwareupdate) and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = T4SK8ZXCXG

Example custom configuration profile

The following is an example custom configuration profile to grant Munki Full Disk Access that should work with both Munki 6.x and Munki 7:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadDisplayName</key>
	<string>Privacy - Full Disk Access - Munki</string>
	<key>PayloadIdentifier</key>
	<string>com.example.Privacy.AllFiles.Munki</string>
	<key>PayloadUUID</key>
	<string>0744F4F8-5D7E-4A28-9D2D-19074AC9DBE3</string>
	<key>PayloadDescription</key>
	<string>Allows Munki access to all protected files, including system administration files.</string>
	<key>PayloadOrganization</key>
	<string>Example, Inc.</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadType</key>
			<string>com.apple.TCC.configuration-profile-policy</string>
			<key>PayloadDisplayName</key>
			<string>Privacy - Full Disk Access - Munki (v1)</string>
			<key>PayloadIdentifier</key>
			<string>com.example.Privacy.AllFiles.Munki</string>
			<key>PayloadUUID</key>
			<string>17FCB39B-6965-42D8-BFF7-0CF057A10360</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>(identifier munkishim or identifier managedsoftwareupdate) and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = T4SK8ZXCXG</string>
						<key>Identifier</key>
						<string>/usr/local/munki/managedsoftwareupdate</string>
						<key>IdentifierType</key>
						<string>path</string>
					</dict>
				</array>
			</dict>
		</dict>
	</array>
</dict>
</plist>
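The procedure above (read the designated requirement from codesign, widen it so one requirement covers both Munki 6 and Munki 7, and place it in a com.apple.TCC.configuration-profile-policy payload) as a script. This is an added example, not code from the Munki project or the MacAdmins Open Source builds: the codesign output it parses is a constructed sample mirroring the signed Munki 7 build shown above, the com.example identifiers and organization are placeholders, and the UUIDs are generated fresh on each run. The check_profile function also flags a requirement that pins a cdhash, since such a profile has to be reissued with every Munki release.

```python
import plistlib
import re
import subprocess
import uuid
from typing import List

MSU_PATH = "/usr/local/munki/managedsoftwareupdate"
# The two TCC services this page covers.
SERVICES = {"Full Disk Access": "SystemPolicyAllFiles",
            "App Management": "SystemPolicyAppBundles"}

# Constructed sample of `codesign -dr - /usr/local/munki/managedsoftwareupdate` output
# for the MacAdmins Open Source signed Munki 7 build (Executable= goes to stderr).
SAMPLE_CODESIGN_OUTPUT = (
    "Executable=/usr/local/munki/managedsoftwareupdate\n"
    "designated => identifier managedsoftwareupdate and anchor apple generic"
    " and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */"
    " and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */"
    " and certificate leaf[subject.OU] = T4SK8ZXCXG\n"
)

def designated_requirement(codesign_output: str) -> str:
    """Return the text after 'designated =>' in `codesign -dr -` output."""
    match = re.search(r"^designated => (.+)$", codesign_output, re.MULTILINE)
    if not match:
        raise ValueError("no designated requirement; is the binary signed?")
    return match.group(1).strip()

def requirement_from_binary(path: str = MSU_PATH) -> str:
    """Run codesign on a Mac and extract the designated requirement."""
    proc = subprocess.run(["codesign", "-dr", "-", path],
                          capture_output=True, text=True, check=True)
    return designated_requirement(proc.stdout + proc.stderr)

def merge_identifiers(requirement: str, identifiers: List[str]) -> str:
    """Widen the leading 'identifier X' clause to accept several identifiers,
    giving the combined Munki 6 + 7 form shown above."""
    match = re.match(r"identifier \S+ and (.*)$", requirement, re.DOTALL)
    if not match:
        raise ValueError("requirement does not start with an identifier clause")
    alternatives = " or ".join(f"identifier {i}" for i in identifiers)
    return f"({alternatives}) and {match.group(1)}"

def build_profile(requirement: str, service: str = "SystemPolicyAllFiles") -> dict:
    """Build the profile as a dict; plistlib.dumps() turns it into a .mobileconfig.
    The com.example identifiers, organization and fresh UUIDs are placeholders."""
    if service not in SERVICES.values():
        raise ValueError(f"unknown TCC service {service!r}")
    payload_id = f"com.example.Privacy.{service}.Munki"
    tcc_entry = {"Allowed": True, "CodeRequirement": requirement,
                 "Identifier": MSU_PATH, "IdentifierType": "path"}
    return {
        "PayloadDisplayName": f"Privacy - {service} - Munki",
        "PayloadIdentifier": payload_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadOrganization": "Example, Inc.",
        "PayloadRemovalDisallowed": True,
        "PayloadScope": "System",
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadContent": [{
            "PayloadType": "com.apple.TCC.configuration-profile-policy",
            "PayloadDisplayName": f"Privacy - {service} - Munki (v1)",
            "PayloadIdentifier": f"{payload_id}.tcc",  # keep inner and outer ids distinct
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "PayloadVersion": 1,
            "Services": {service: [tcc_entry]},
        }],
    }

def check_profile(profile_xml: bytes, expected_requirement: str) -> List[str]:
    """Return the problems found in a profile's TCC payload; [] means it looks right."""
    problems: List[str] = []
    profile = plistlib.loads(profile_xml)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.TCC.configuration-profile-policy"]
    if not payloads:
        return ["no com.apple.TCC.configuration-profile-policy payload"]
    for service, entries in payloads[0].get("Services", {}).items():
        if service not in SERVICES.values():
            problems.append(f"unexpected service {service}")
        for entry in entries:
            if (entry.get("Identifier"), entry.get("IdentifierType")) != (MSU_PATH, "path"):
                problems.append("entry does not target managedsoftwareupdate by path")
            if entry.get("CodeRequirement") != expected_requirement:
                problems.append("CodeRequirement does not match the expected requirement")
            if "cdhash" in entry.get("CodeRequirement", ""):
                problems.append("CodeRequirement pins a cdhash; it breaks on the next Munki release")
    return problems

if __name__ == "__main__":
    req = merge_identifiers(designated_requirement(SAMPLE_CODESIGN_OUTPUT),
                            ["munkishim", "managedsoftwareupdate"])
    xml = plistlib.dumps(build_profile(req))
    print(xml.decode())
    print("problems:", check_profile(xml, req))
```

On a real Mac, replace the constructed sample with requirement_from_binary() so the requirement comes from the installed binary, and pass "SystemPolicyAppBundles" to build_profile() if you prefer App Management over Full Disk Access. Run check_profile() against the .mobileconfig your MDM actually serves; a mismatch between that CodeRequirement and what codesign reports is the usual reason a PPPC grant silently fails to apply.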

Additional notes

In Munki 6.3-6.7, managedsoftwareupdate was launched through "munkishim", which used an undocumented/unsupported feature to disclaim ownership of its child processes. This was necessary to allow PPPC/TCC approvals for managedsoftwareupdate without also granting those rights to Munki's Python interpreter, and it had a useful side effect: PPPC permissions granted to managedsoftwareupdate worked no matter how it was started (via a launchd job, a Terminal session, a remote SSH session, etc.).

In Munki 7, "munkishim" has been eliminated, since managedsoftwareupdate and the other command-line tools are now compiled executables. Because of how macOS determines the "responsible process", PPPC/TCC approvals you manage for managedsoftwareupdate are now effective only for runs started by launchd. That includes all periodic background runs, bootstrap mode, and any run triggered by Managed Software Center.

If you run managedsoftwareupdate manually from Terminal.app or over a remote SSH session, macOS treats Terminal (or one of the ssh helper processes, ssh-keygen-wrapper) as the "responsible process". You may therefore have to grant Full Disk Access to Terminal.app (or whatever terminal application you use), or to ssh-keygen-wrapper, in order to use managedsoftwareupdate from a terminal session. Note that such a grant applies to everything launched from that terminal, not only to managedsoftwareupdate. This is closer to standard macOS behavior than what Munki 6 did.

See this presentation from MacDevOps YVR 2023 for more details on PPPC/TCC and the "responsible process": https://www.youtube.com/watch?v=DcrfCGqqjkA
