class ChefConfig::PathHelper

def self.is_sip_path?(path, node)

Determine if the given path is protected by macOS System Integrity Protection.

def self.is_sip_path?(path, node)
  if ChefUtils.macos?
    # @todo: parse rootless.conf for this?
    sip_paths = [
      "/System", "/bin", "/sbin", "/usr"
    ]
    sip_paths.each do |sip_path|
      ChefConfig.logger.info("#{sip_path} is a SIP path, checking if it is in the exceptions list.")
      return true if path.start_with?(sip_path)
    end
    false
  else
    false
  end
end

Class Methods