"Failed to gain authorization"
kettle11 opened this issue · comments
When I try to run an Allocations profile I get the following error:
Failed instruments errored: [ERROR] Run issues detected (trace is still ready to be viewed):
* Failed to gain authorization
I'm on an M1 Mac running macOS Big Sur 11.4.
I suspect that it's related to this issue: https://developer.apple.com/forums/thread/681687
But if that were the case then it seems likely other users of cargo-instruments
would be hitting it as well. Is anyone else hitting this issue?
I'm still not running big sur anywhere, although I will be in a week or so.
You have to replace the ad-hoc signature of the binary to be profiled with a new one that has the com.apple.security.get-task-allow
entitlement enabled. You can do it like this:
- Create an
ent.plist
file with the following contents in your home dir:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.get-task-allow</key>
<true/>
</dict>
</plist>
- Build the binary.
- Resign it with a new ad-hoc signature including the entitlement:
codesign -s - -f --entitlements ~/ent.plist <path to binary>
- Run the profiler with
xcrun xctrace record --template 'Allocations' --launch -- <path to binary> [args...]
@hkratz this sounds like something I should be able to do automatically as part of the tool?
@cmyr Yes. It would probably be best if you could do this by setting some magic linker options for rustc. The linker is the one doing the ad-hoc signing in the first place so I assume it can also include the entitlement somehow.
I think we could hack around this by doing an adhoc signature that's mentioned in this blog post
https://eclecticlight.co/2020/08/22/apple-silicon-macs-will-require-signed-code/