I’ve a testing farm of 300 machines. The machines on the farm are headless.
The farm is fed builds from Jenkins, for our steady construct pipeline, and run the appliance in opposition to the check suite. The check suite takes hours to finish.
The staff is roughly 200 builders, which implies we’re pushing about 10 builds an hour to the testing farm. (There are different groups additionally utilizing the testing farm of machines.)
The System Integrity Safety (SIP) has been disabled on all of the farm machines, to keep away from having to manually VNC into every of the 300 farm machines to click on on the permission dialog a number of occasions in the course of the check runs.
IT has issued an edict that we are able to not disable SIP, and should re-enable SIP on all of the farm machines. (Regardless of that the machines are already sequestered from the web, for safety issues.)
How can I give the appliance permission from the command line earlier than launching the appliance and run its check suite?
I’ve an admin account entry to all of the machines.
The permissions I want to pre-permit from the command line are:
- kTCCServiceSystemPolicyDesktopFolder
- kTCCServiceSystemPolicyDocumentsFolder
- kTCCServiceSystemPolicyDownloadsFolder
- kTCCServiceSystemPolicyRemovableVolumes
These are those that I consider routinely requested whereas working the check suite.
The testing farm is working the most recent OS, and is mostly working on the most present launch: macOS 26.4.1 (Tahoe)
