General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I have the following code for port forwarding in mac os virtualization var ipAddr = in_addr() // 1. Convert String to in_addr inet_pton(AF_INET, guestIP, &ipAddr) let status = vmnet_network_configuration_add_port_forwarding_rule( config, UInt8(IPPROTO_TCP), // TCP protocol sa_family_t(AF_INET), // address family guestPort, // internal port (guest) externalPort, // external port (host) &ipAddr // internal address (guest IP) ) if status == .VMNET_SUCCESS { print("✅ Port Forwarding set: Mac:\(externalPort) -> VM(\(guestIP)):\(guestPort)") } else { print("❌ Port Forwarding failed for \(guestIP): \(status.rawValue)") } It is returning success but when i test it it does not work. Is there anything i am doing wrong? Please help me also in fixing this problem. Note: The app runs in sandbox i tried without sandboxing and it does not work either. Please refer to this link https://developer.apple.com/forums/thread/822025?login=true&page=1#884236022 how i am creating the VZVmnetNetworkDeviceAttachment

Hi, I am very excited for the fskit changes. Now I finally had some time to actually read the docs. But I am not very sure how the new cache api is able to propagate external file tree changes to fskit. As far as I understand it only handels cached file data but not metadata? I really hope I am just misunderstanding and this is possible. Greetings Nils

Every time I use my iPhone 17 Pro. The device gets very warm. I have to turn it off cool it down and then use it again. Please fix this bug?

When I copy and paste something from one app to another app and it comes off of the clipboard. The text gets cut off. I have to manually cut and paste one line at a time otherwise the whole text will not show. When other people post something and I read whatever the person‘s post is. That text gets cut off as well. Please fix this problem.

Hi! I'm developing an FSKit module and experiencing some troubles with test harness automation: Registering an FSKit AppEx requires user intervention by clicking through a GUI. Re-deploying a new build signed with a local certificate involves the same roundabout to re-toggle the registered AppEx in the Settings. Are there any plans to improve developer experience in this regard?

When I opened an Intel-based app in the macOS 27 beta, a prompt informed me that apps requiring Rosetta will not work in the next OS release (macOS 28). It also prompted me to install Rosetta to continue using the app in macOS 27. After installing, I began wondering if there is a way to remove Rosetta via Settings. Since it is now treated as an optional feature, shouldn't we be able to uninstall it similar to how command line tools are managed? Does anyone know of a method to completely remove Rosetta once it has been installed? (PS: This post was rewritten using Siri AI)

While testing the watchOS 27 beta, I noticed that the standalone Walkie-Talkie app has been removed from the system. Walkie-Talkie has always been a great, lightweight way to stay connected. Much like Digital Touch, it’s one of those quick, low-friction features that makes the watch feel uniquely personal for communication throughout the day. I am really hoping its absence is just a temporary beta omission rather than a permanent retirement of the feature. I have already submitted a request via Feedback Assistant asking the engineering team to consider keeping it in the final release. If you also rely on this app for quick wrist-to-wrist updates, I highly recommend submitting your own feedback ticket to let the team know there is still an active user base for it. (FB23040695) Has anyone else ran into this or found an official note from Apple regarding its removal in the release notes? Hopefully, we will see it return before the public release this fall. Over and out!

Hi, I see that with mac os 27 we have diskimagekit https://developer.apple.com/documentation/DiskImageKit the stacked disk image gives us the possibility of creating incremental snapshots which is wonderful addition to the virtualization framework. But is there a way to merge back stacked image to base image? Thanks & Regards

Hi folks! I’ve been paying attention to FSKit for moment to develop a network file system designed for source control-use cases (à la Eden or Google’s CITC). The design goal is support instant clones, even of massive repositories, by lazily fetching files as needed. Based on this thread, it seems like macOS 27 has added some of the requisite APIs needed to support inode invalidation for network/shared file systems like the cache coherency APIs. For example, I’m thinking that for this file system, I’d want to bypass the kernel’s own caching and have my file system be entirely responsible for it, as it‘d have a better understanding/picture of what is up-to-date and what isn’t and there won’t need to be multiple layers of cache invalidation/coherency. Am I correctly reading the intent of these new APIs?

With the recent introduction of the unified asset pipeline and Icon Composer, managing cross-platform icon designs has become incredibly efficient. However, there is still a significant platform disparity when it comes to maintaining visual consistency and brand uniformity across paired devices. On iOS, we can dynamically change the app icon at runtime using the setAlternateIconName API. Currently, watchOS completely lacks an equivalent mechanism. If a user selects an alternative icon inside an iOS companion app, the paired Apple Watch app icon remains locked to the default primary asset. This creates a disjointed experience and directly impacts user recognition. The watchOS home screen relies entirely on instant visual cues. If a user changes their iPhone icon to a custom colorway, they instinctively look for that same colorway on their wrist. Leaving the watch icon unchanged makes it harder to quickly locate the app. I have submitted an enhancement request via Feedback Assistant to bring alternate app icon support to watchOS, ideally through an automatic system-level sync within the unified .icon pipeline, or via a native watchOS runtime API. If your app utilizes alternate icons and you would like to see this cross-device continuity brought to watchOS, please consider filing your own duplicate request to help bring visibility to this gap. Filed Feedback: FB23080617

Installing ZFSFSKit.appex ? /Library/ExtensionKit/Extensions/ Substituting real Mach-O (libtool wrapper ? .libs/ZFSFSKit) Installing zfs.fs ? /Library/Filesystems/ mount_zfs: Mach-O 64-bit executable arm64 Done. Signing (before pluginkit, so it sees a valid signature)... Re-signing /Library/ExtensionKit/Extensions/ZFSFSKit.appex ad-hoc (no identity). Note: requires amfi_get_out_of_my_way=1 in boot-args. Team ID: ADHOC /Library/ExtensionKit/Extensions/ZFSFSKit.appex: replacing existing signature Done. Signature: Identifier=org.openzfsonosx.filesystems.zfs.fsext Signature=adhoc TeamIdentifier=not set Entitlements: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.application-identifier</key><string>ADHOC.org.openzfsonosx.filesystems.zfs.fsext</string><key>com.apple.developer.fskit.fsmodule</key><true/><key>com.apple.developer.team-identifier</key><string>ADHOC</string><key>com.apple.security.app-sandbox</key><true/></dict></plist> Registering with pluginkit... pluginkit -a done. Restarting fskitd... # sudo pluginkit -v -m -p com.apple.fskit.fsmodule + org.openzfsonosx.filesystems.zfs.fsext((null)) 6A12A41280FB-4190-B957-FA94DC89BB1E 2026-05-29 01:17:58 +0000 /Library/ExtensionKit/Extensions/ZFSFSKit.appex # sudo mkdir /Volumes/tank # sudo mount -F -t zfs /dev/disk4 /Volumes/tank # ls -la /Volumes/tank total 3 drwxr-xr-x 3 lundman staff 4 May 29 09:21 . drwxr-xr-x 4 root wheel 128 May 29 10:18 .. -rw-r--r-- 1 lundman staff 11 May 29 09:21 file.txt drwxr-xr-x 2 lundman staff 2 May 29 09:21 HelloWorld # cat /Volumes/tank/file.txt HelloWorld Even though FSKit isn't quite ready, I built a proof-of-concept FSKit extension to understand what the migration path looks like. This post shares what we got working, specific technical findings that weren't documented, and the gaps we hit that would need Apple's attention for a production implementation. Luckily, OpenZFS already compiles in userland for the "zdb" utility so not much work was required on that side. There were certain amount of desperation applied when we came across hurdles, so possibly some assumptions we formed are not correct. (We didn't go back and confirm the problem after it started working).

I saw there is a new es_new_descendants_client() function in Endpoint Security, with very interesting details: no TCC approval required no root privileges required which makes it very different from how we've known Endpoint Security so far. What is the real life use of this client? First, I thought it would be good to monitor processes I launch from my central application - but I won't fork() or exec() other apps - I will ask launchd to open them (NSWorkspace...), so they won't be descendants of my Endpoint Security client containing process. Not to mention, I don't understand how this aligns with the entitlement being attachable only to system(?) extensions. Or, can I now add this entitlement to an application? The dropping of root privilege as a requirement seems like this entitlement could be attached to regular apps. Or it can only be attached to a launchd agent, rather than a daemon? I haven't seen any pointers in Endpoint Security documentation other than this function's documentation. A tutorial would be very nice to have. Thanks in advance!

I've filed this as a feedback report (FB22305448) and wanted to raise it here in case anyone else is seeing the same behaviour or can confirm. The Share Sheet's suggested-people row appears to ignore the system Contacts name-display settings. When a contact has a Nickname set, that Nickname is shown in the sharing suggestions even when nicknames are explicitly turned off. Settings state Under Settings › Contacts › Short Name, both toggles are off: Short Name — Off Prefer Nicknames — Off With these off, the rest of the system (Contacts app, Messages conversation list, Mail, etc.) correctly shows the contact's full/short name rather than the Nickname. Steps to reproduce Open a contact and add a Nickname (e.g. contact "John Smith" with Nickname "JJ"). Go to Settings › Contacts › Short Name and ensure both Short Name and Prefer Nicknames are off. Open Photos, select a photo, and tap Share. Look at the suggested-people row at the top of the Share Sheet (the iMessage/AirDrop suggestions). Expected behaviour With Prefer Nicknames off, the suggestion should display the contact's full name (or short name if Short Name were enabled) — i.e. "John Smith", consistent with every other part of the system. Actual behaviour The Share Sheet suggestion shows the Nickname ("JJ") regardless of the Contacts setting. The setting is not honoured in this surface. Notes Reproducible every time. The Nickname is shown only in the Share Sheet suggestions row; other system surfaces respect the setting correctly, which points to the Share Sheet / suggestions component reading the contact's display name without applying the user's nickname preference. Feedback ID: FB22305448 Has anyone else run into this, or found a workaround short of removing the Nickname from the contact?

We are looking to scale up our automated testing infrastructure for macOS development. Ideally, we want to create a large-scale testing farm capable of running parallel integration tests across multiple OS versions and configurations. However, we are running into a major roadblock with the Software License Agreement (SLA) limitation, which restricts the concurrent execution of macOS within virtualized environments to a maximum of two (2) instances per physical host. This restriction creates a massive bottleneck for high-end hardware. Investing in powerful machines like the Mac Studio or Mac Pro feels entirely inefficient for this use case; their massive core counts and memory capacities are effectively wasted if the host is legally throttled to just two concurrent VMs. Given this friction, we have a few questions for the community and any Apple engineers tuning in: are there any known plans, official updates, or historical precedents suggesting Apple might revise or remove this 2-VM limit for enterprise testing workflows? Any insights, policy updates, or architectural recommendations on building large-scale, compliant macOS test farms without underutilizing high-end hardware would be greatly appreciated. Thank you!

I have created and tested background assets (Apple Hosted) with both "essential" and "onDemand". They works on the iPhone and iPad following the "Testing asset packs locally" steps. However, when I upload to TF; the iPad fails to download. The iPhone is able to download both "essential" and "onDemand" fine. I am adopting the manifest from xcrun ba-package template -o Manifest.json Manifest.json

Trying to virtualize macOS 27 on a 26.6 host failed at 77% install progress, even with Xcode 27 beta installed. But worked fine on a macOS 27 host. Are there any tricks to use a 26 host? Thanks!

Any plans to provide (a subset of) the FUSE3 API directly on top of FSKit/an underlying primitive, in a way that doesn't compromise the new security model, but also reduces porting friction?

Is there any restriction in File system renaming using shove from sandboxed to runtime path?? failed _relinkFile(/Library/InstallerSandboxes/.PKInstallSandboxManager/EFFC026D-F5AD-4F2D-8EB1-E73B78E51E1A.activeSandbox/Root/Library/Application Support/McAfee/MSS/Applications/Trellix Agent Status Monitor.app/Contents/_CodeSignature/CodeResources, /Library/Application Support/McAfee/MSS/Applications/Trellix Agent Status Monitor.app/Contents/_CodeSignature/CodeResources): Operation not permitted 2026-05-27 12:20:37-04 OSX-CG46R0630R installd[8236]: PackageKit: releasing backupd 2026-05-27 12:20:37-04 OSX-CG46R0630R installd[8236]: PackageKit: allow user idle system sleep 2026-05-27 12:20:37-04 OSX-CG46R0630R installd[8236]: PackageKit: Install Failed: Error Domain=PKInstallErrorDomain Code=120 "An unexpected error occurred while moving files to the final destination." UserInfo={NSLocalizedDescription=An unexpected error occurred while moving files to the final destination., This is immediately followed by: PKInstallErrorDomain Code=120 NSPOSIXErrorDomain Code=1 "Operation not permitted" Based on the installer logs reviewed so far, the failure appears to occur during a PackageKit file relink operation and is accompanied by "Operation not permitted" errors, which suggests a permissions enforcement issue during installation.

Hi everyone, I am developing a macOS virtualization manager (VirtualProg) using the Virtualization.framework. The application is distributed via the Mac App Store, so it operates strictly within the App Store Sandbox. I am looking for a reliable, programmatic way to discover the IP address assigned to a guest (both macOS and Linux). Is there a recommended "Sandbox-safe" API or pattern within the Virtualization framework—or a lower-level networking entitlement—that allows a host application to retrieve the guest's assigned IP address? Ideally, I am looking for a solution that does not require the user to manually install a non-sandboxed helper tool. Thanks in advance for any insights or guidance!

Hi, I am trying to use AAUSBAccessoryManager with mac os 27 to connect host usb device to guest vm. here is my code // // USBPassthroughManager.swift // VirtualProg import AccessoryAccess import Foundation import IOKit @available(macOS 27.0, *) class USBPassthroughManager: NSObject, ObservableObject, AAUSBAccessoryListener { static let shared = USBPassthroughManager() @Published var availableDevices: [AAUSBAccessory] = [] func startListening() async { do { let existing = try await AAUSBAccessoryManager.shared .registerListener(self, matchingCriteria: []) await MainActor.run { self.availableDevices = existing } } catch { LogManager.shared.log(vmName: AppConstants.logGeneral, type: .error, message: "USB passthrough listener failed: \(error.localizedDescription)") } } func usbAccessoryDidConnect(_ usbAccessory: AAUSBAccessory) { DispatchQueue.main.async { guard !self.availableDevices.contains(where: { $0.registryID == usbAccessory.registryID }) else { return } self.availableDevices.append(usbAccessory) print(self.displayName(for: usbAccessory)) } } The usb icon in status bar menu is displayed and i can select the the usb device to connect to my app. the usb device is connected to my app. it is shown in the status bar. but usbAccessoryDidConnect is not firing. i have the entitlement com.apple.developer.accessory-access.usb in the capabilities. i get this in the xcode console start failed ((iokit/common) not permitted) for plugin for .......... and also disconnect is also not firing. Not sure what i am doing wrong. How can i determine the name of the USB Device from AAUSBAccessory. Any help would be appreciated. Thanks