[petsc-dev] MacOS firewall annoyance while running tests + solution

Matthew Knepley knepley at gmail.com
Fri Aug 28 22:36:57 CDT 2020


Which OS is this? It does not happen on my Catalina.

  Thanks,

    Matt

On Fri, Aug 28, 2020 at 10:52 PM Barry Smith <bsmith at petsc.dev> wrote:

>
>
> On Aug 28, 2020, at 3:47 PM, Jed Brown <jed at jedbrown.org> wrote:
>
> "Hapla  Vaclav" <vaclav.hapla at erdw.ethz.ch> writes:
>
> On MacOS, maybe you also have lots of firewall popups
> appearing/disappearing when running tests like
>  Do you want the application "ex29" to accept incoming network connections?
>
>
> Is there a way to express that the application does not need (should not
> accept) incoming connections?
>
>
>   Yes, this also seems to work:
>
> sudo $$FW --block $$APP
>
> instead of
>
> sudo $$FW --unblock $$APP
>
> The parallel program still runs correctly to conclusion without the popup.
>
>   So my conclusion is that at listen() or some later system call it always
> pops up the window (unless the user as already blocked or unblocked the
> executable) without regard to whether an outside  (from the machine)
> connection to the process is attempted.
>
>  The routine has an undocumented option -a <listen or accept> when you run
> with
>
> /usr/libexec/ApplicationFirewall/socketfilterfw -d -a accept
>
> it prints ASKWHENACCEPT  which seems to indicate it will delay the popup
> until an accept is called but I can't confirm this because the debugger
> never stops in accept on one process but the popup still comes up so this
> argument may be ignored.
>
> If I were Junchao I would not do the popup until the code tried to
> accepted an EXTERNAL connection (the lazy evaluation) but I cannot get it
> to behave this way.
>
> If I disconnect from the network I still get the popups.
>
> The pop up is asynchronous also, when the popup is still up the program
> keeps run (even in parallel) and ends normally. Then the popup disappears.
>
>  Apple could make this friendly without hurting security but then Apple
> never cared about external developers for the Mac.
>
>
>
> Normalizing sudo during build/testing seems really bad.
>
>
>

-- 
What most experimenters take for granted before they begin their
experiments is infinitely more interesting than any results to which their
experiments lead.
-- Norbert Wiener

https://www.cse.buffalo.edu/~knepley/ <http://www.cse.buffalo.edu/~knepley/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/petsc-dev/attachments/20200828/8a675cee/attachment-0001.html>


More information about the petsc-dev mailing list