Solved a problem with "non-sticky" LS approvals on Sierra

General discussions about Little Snitch
Post Reply
Chazzo
Posts: 10
Joined: Sun May 19, 2013 6:41 pm

Solved a problem with "non-sticky" LS approvals on Sierra

Post by Chazzo » Thu Dec 15, 2016 12:52 pm

TL;DR If you use Path Finder and Sierra, you may be unable to get LS connection alerts from non-Apple apps to "stick". The fix is easy once you understand what's going on. Just use the Finder instead of Path Finder to move apps to your Applications folder.

The full spiel:

Facing an irritating issue with Little Snitch, I was about to ask for help here. However, I think I've solved the problem, so I'm recording the details here in case they're useful to others.

The symptom is that an app repeatedly causes LS to ask for a connection approval, even when there's already a rule to allow any outgoing connection. In my case the apps in question were TunnelBear and OpenVPN, which is embedded in TunnelBear.

Closer inspection showed that LS recorded odd-looking paths for these apps. It turns out this is caused by Gatekeeper Path Randomization, otherwise known as "app translocation": as long as a user does not move an app out of their downloads folder, that app runs from a disk image with a random path for security reasons. Hence the multiple connection alerts in LS, which thinks each instance is a separate app.

What puzzled me was why this was happening even when the apps in question were already in the Applications folder. It turns out that to disable translocation, you have to move the app using the Finder. Even a "mv" command in the Terminal won't do.

I normally use Path Finder, hence the problem. Using the Finder to move the offending apps out of the Applications folder and back in again has fixed it.

Obviously, this will only affect people who use Terminal or a Finder replacement to move apps around.

Post Reply