Munki 7, App Management and Full Disk Access

[Gregory Neagle]

I’ve updated the documentation on MDM configuration profiles to give managedsoftwareupdatre the TCC rights to manage apps and/or manage all files:

https://github.com/munki/munki/wiki/PPPC-Privacy-permissions#details-needed-for-building-a-configuration-profile

If you only have clients running Munki 6 or all your clients are running Munki 7, the configuration is pretty straightforward. But of course this makes it difficult to _migrate_ to Munki7, so I’ve made an attempt to document a profile that _should_ work for both Munki 6 and Munki 7.

The problem is — I haven’t been able to trigger any App Management or Full Disk Access failures recently, so I can’t be 100% sure this actually works.

If anyone has a reproducable method to trigger either App Management or Full Disk Access protections, I’d greatly appreciate the information.

I did find this dicussion from late 2022, but was not able to trigger a PPPC/TCC failure with the given instructions. https://groups.google.com/u/1/g/munki-dev/c/hFy4y4g4okc/m/g-geEBooBAAJ

-Greg

[Alan]

Interesting. I removed my Munki PPPC profile from a test Mac and tried to install Zoom via MSC and was immediately met with a

"managedsoftwareupdate" would like to access data from other apps.

dialogue. That's not happening for you?

--
Find related discussion groups here:
https://github.com/munki/munki/wiki/Discussion-Group
---
You received this message because you are subscribed to the Google Groups "munki-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-dev+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/munki-dev/4DC1987B-F958-4E24-92D7-C1C2693FB0F4%40mac.com.

[Gregory Neagle]

Kevin M. Cox provided me with a nopkg item that requires FDA to successfully install. I was then able to confirm that the CodeRequirement in the wiki page works on both Munki 6 and Munki 7.

-Greg