The 'App' You Can't Trash: How SIP is Broken in Apple's High Sierra OS (eclecticlight.co)
A reader shares a blog post that talks about why a Mac running High Sierra 10.13.2 (and other versions near it) refuses to let users uninstall some third-party applications easily. For instance, when users attempt to uninstall BlueStacks, an Android emulator, the Finder shows this warning: "The operation can't be completed because you don't have the necessary permission." The blog post looks into the subject:

The moment that we see the word permission, all becomes clear: it's a permissions problem. So the next step is to select the offending item in the Finder, press Command-I to bring up the Get Info dialog, and change the permissions. It does, though, leave the slight puzzle as to why the Finder didn't simply prompt for authentication instead of cussedly refusing. Sure enough, after trying that, the app still won't go and the error message is unchanged. Another strange thing about this 'app' is that it's not an app at all. Tucked away in a mysterious folder, new to High Sierra, in /Library/StagedExtensions/Applications, its icon is defaced to indicate that the user can't even run it. Neither did the user install it there. Trying to remove it using a conventional Terminal command

    sudo rm -rf /Library/StagedExtensions/Applications/BlueStacks.app

also fails, with the report Operation not permitted.

High Sierra leaves the user wondering what has happened. There's nothing in Apple's scant documentation to explain how this strange situation has arisen, and seemingly nothing more that the user can do to discover what is wrong, or to do anything about it. The clue comes from probing around in Terminal, specifically using a command like

    ls -lO /Library

Try that in High Sierra, and you'll see

    drwxr-xr-x@ 4 root wheel restricted 128 2 Jan 13:03 StagedExtensions

There are two relevant pieces of information revealed: the @ sign shows that directory has extended attributes (xattrs), and the word restricted that it is protected by System Integrity Protection (SIP). A quick peek inside /Library/StagedExtensions/Applications/BlueStacks.app shows that it is a stub of an app, lacking any main code, but it does contain a kernel extension (KEXT) which is also protected by SIP, by virtue of being inside a SIP-protected folder.

    > ls -lO /Library/StagedExtensions/Applications
    drwxr-xr-x 3 root wheel restricted 96 2 Jan 13:03 BlueStacks.app

So how did this third-party kernel extension end up in this mysterious folder, complete with SIP protection?
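Added example (not from the blog post or from any commenter): a small Python parser for the ls -lO lines quoted in the summary above, reporting which entries carry the restricted flag and the xattr marker. The class and function names are hypothetical, and the sample listing embeds the two quoted lines plus two constructed ones.

```python
"""Parse macOS `ls -lO` output and report entries carrying the `restricted` flag."""
from dataclasses import dataclass
from typing import List, Optional

# Two lines quoted in the summary, plus constructed lines for edge cases.
SAMPLE_LISTING = """\
total 0
drwxr-xr-x@ 4 root wheel restricted 128 2 Jan 13:03 StagedExtensions
drwxr-xr-x 3 root wheel restricted 96 2 Jan 13:03 BlueStacks.app
drwxr-xr-x 5 root wheel - 160 2 Jan 12:00 Example Folder
drwxr-xr-x 3 root wheel restricted,hidden 96 2 Jan 12:00 ExampleHidden
"""  # the last two entries are constructed sample data, not from the page


@dataclass
class Entry:
    mode: str          # ten permission characters, e.g. drwxr-xr-x
    has_xattrs: bool   # '@' after the mode: extended attributes present
    has_acl: bool      # '+' after the mode: an ACL is present
    owner: str
    group: str
    flags: List[str]   # file-flags column added by -O ('-' means none)
    name: str

    @property
    def sip_restricted(self) -> bool:
        return "restricted" in self.flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one `ls -lO` line; return None for 'total N' or malformed lines."""
    # Columns: mode, links, owner, group, flags, size, three date fields, name.
    # maxsplit=9 keeps a name containing spaces intact in the last element.
    parts = line.strip().split(None, 9)
    if len(parts) < 10 or len(parts[0]) < 10:
        return None
    mode_col, _links, owner, group, flags_col = parts[:5]
    marker = mode_col[10:]  # whatever follows the ten permission characters
    flags = [] if flags_col == "-" else flags_col.split(",")
    return Entry(mode_col[:10], "@" in marker, "+" in marker,
                 owner, group, flags, parts[9])


def parse_listing(text: str) -> List[Entry]:
    """Parse a whole listing, skipping lines that are not entries."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def explain(entry: Entry) -> str:
    """One-line triage note for an entry."""
    notes = []
    if entry.sip_restricted:
        notes.append("restricted flag set (sudo rm reports 'Operation not "
                     "permitted', as in the summary)")
    if entry.has_xattrs:
        notes.append("has extended attributes")
    if entry.has_acl:
        notes.append("has an ACL")
    return f"{entry.name}: " + ("; ".join(notes) or "no restricted flag")


if __name__ == "__main__":
    for e in parse_listing(SAMPLE_LISTING):
        print(explain(e))
```

On a Mac, the same functions can be fed the real output of ls -lO for /Library or /Library/StagedExtensions/Applications instead of the embedded sample.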
SIP? (Score:5, Insightful)
Please STOP using existing acronym. SIP has already been in use by something else:
https://en.wikipedia.org/wiki/Session_Initiation_Protocol
By the headline, I was expecting an article to be about how SIP softphones were broke in MAC OS.
Re: (Score:3)
Had the same impression. Was coming in here to post, "Back in my day, every provider broke SIP in their own unique way. Did we whine about it? Well, yes, but then we worked around it.
Get off my lawn".
Re: (Score:2)
K, but is that contextually relevant?
Both the package mentioned in the article and SIP are software applications, and what you put forth is a hardware configuration. It's not unreasonable to assume folks wouldn't confuse them.
Re: (Score:2, Redundant)
Please STOP using an existing acronym. SIP is already in use by something else
https://en.wikipedia.org/wiki/Standard_Interchange_Protocol [wikipedia.org]
Re: (Score:2)
Re:SIP? (Score:5, Informative)
I use the SIP [wikipedia.org] to do research for the package I'm writing to automate my SIP [wikipedia.org] which I'm writing using SIP [wikipedia.org]. Thanks to the SIP [wikipedia.org] my phone service is good and I don't need to use SIP [wikipedia.org] to phone people.
Re:SIP? (Score:5, Funny)
Re: (Score:2)
I was but the SIP memory [wikipedia.org] in my PC - powerful and modern 80386 worth $15 - became loose and I had to put my tea down to reseat it.
Re: (Score:3)
https://en.wikipedia.org/wiki/SIPP_memory [wikipedia.org]
Apparently some early STEs used SIP modules
http://info-coach.fr/atari/har... [info-coach.fr]
They were used on a few 80286 and 80386 machines too.
Re: (Score:2)
Re: (Score:2)
all while you SIP [merriam-webster.com] your beverage of choice!
Re: (Score:2)
I use the SIP to do research for the package I'm writing to automate my SIP which I'm writing using SIP. Thanks to the SIP my phone service is good and I don't need to use SIP to phone people.
That's what the abbr [w3schools.com] HTML tag is intended to solve. Evidently no one used it for anything remotely useful, but one can imagine text editors implementing them automatically from a dictionary and asking writers to select between the alternatives if there are several and the context doesn't make it clear which one should be the default.
Re: (Score:3)
SPWOWIBTAIIICTOE - So perhaps write out what is behind the acronym if it isn't immediately clear to everyone.
Re:SIP? (Score:5, Funny)
Shelter In Place
Self Inspection Program
Serial Interface Protocol
System Implementation Plan
Systems Integration Plan
Summer Internship Program
Share Incentive Plan
Signal Image Processing
Sooner If Possible
Re: (Score:3)
Some Insidious Process
Re: (Score:2)
Please STOP using existing acronym.
Nice try, World Wildlife Fund [slashdot.org] sockpuppet!
We don’t have to listen to you and your program of Complete acronym totalitarianism (everywhere, everywhen, everywhich, everywhat, everywhether), better known as “Cat5e”.
Re: (Score:2)
Curly quotes (Score:4, Informative)
Aside: When did links stop working?
Based on the curly quotes and en.m.wikipedia.org hostname I see on that link's href attribute value in View Source, links in your comments stopped working roughly when you enabled automatic curly quotes on your iPhone or iPad or upgraded your iPhone or iPad to a version of iOS that enabled automatic curly quotes by default. Quoted attribute values in HTML5 must use Basic Latin quotation marks [w3.org], be they single or double.
Re: (Score:2)
Words With Pandas (Score:2)
Did World Wildlife Fund sue Zynga over Words With Friends [someblogsite.com] or something?
Re: (Score:2)
But given how strident Wildlife was, I'm a little surprised Words With Friends, the Working Women's Forum, or Windows Workflow Foundation are allowed to exist in peace..
Re: (Score:2)
Agree 100%
Re: (Score:2)
Thanks! I got badly confused myself.
Re: (Score:2)
Stop Insignificant Postings
Kind of how (Score:3)
Re: (Score:2)
Really? My system doesn't show it running. Microsoft didn't make it easy though which is yet another count against using their products.
Re: (Score:2)
Except that Cortana is a Microsoft product and a part of Windows 10. This article is talking about third party apps that won't uninstall.
Re: Kind of how (Score:4, Informative)
Last update: Nov. 10, 2016
There have been 2 major Windows 10 updates since that thing was last updated. There's no way it still manages to block all of the shit, if it ever did.
Andy, another android emulator (Score:3)
I warn about that one. ..." ... but I think I used a chmod or chown before that ... don't remember what I actually needed to do to remove it.
It asks for privileges to install (Mac OS X Applications usually don't need privileges, you just copy them with drag and drop into the Applications folder), then tries to install (with a warning) a "Yahoo Toolbar" and silently installs "Mac Keeper", a malware.
But it is easy to remove with sudo "rm
There was a background process running, watching the killing of the Mac Keeper process, so you needed to kill that first, remove the exe of that process and then kill Mac Keeper and remove the "Andy" program.
Re: (Score:3)
Thus belies another issue with /Applications on macos. Being in the admin group you have permissions to access /Applications beyond that of a normal user. So to say that you don't 'usually need privileges': you do, you already have them. However this is really a problematic behavior of MacOS, it really should be triggering a superuser exception for that folder.
Re: (Score:2)
Sorry, that is nonsense.
You need no special privileges because a copy of an app you 'install' is just a copy with no special rights.
If a user double clicks on the app it runs with the user's privileges.
Why would you need any special privileges to 'install' it?
Exactly that above is the reason you should be wary IF THE OS ASKS FOR super user rights, because for ordinary stuff they are not needed and there never was an intention or reason to need them!
Re: (Score:2)
This is the permissions for /Applications
0 drwxrwxr-x+ 69 root admin 2346 Dec 26 09:05 Applications
Please note the group permissions 'admin' and the file system permissions in octets.
d - directory flag and then Owner (root) [RWX] Group (admin) [RWX] and Other [RX].
Members of the admin group and hot write to /Applications. Users who are not in the admin group will get prompted for elevation.
So turn it off (Score:2)
Using preferences is hard now?
Re: (Score:2)
mycomputer:~ root # csrutil status
System Integrity Protection status: disabled.
guess what, it's disabled! The trick is you have to boot off the recovery partition to flip the bit. It's similar to the process of unsetting the SCHG flag on a file. You can set it with root access, but you can't UNset it if kernel protection mode has been elevated by booting off a normal OS. That is a one-way trip, and a restart is the only way to unset it. In other words, no, you cannot use system prefs to disable SIP. T
Re:So turn it off (Score:5, Informative)
Turn what off? SIP? You can't, there is no option to disable it. It's always on as part of Apple's continued effort to boil the frog until no one notices OS X is now iOS X.
You can [cleverfiles.com], but I wouldn't recommend it. Just use the kextunload command to turn off a kernel extension, it can then be deleted.
Re: (Score:3)
What? Informative information on kernels in a Slashdot post!?! I'd thought that had left along with Taco...
To find the list of loaded kexts use "kextfind -loaded".
Re: (Score:2)
Yes, because you really want the average user who barely understands the difference between left and right mouse clicks, to have the ability to easily modify kernel modules.
Grow up.
Re: (Score:2)
Agree; for most users it is a blessing.
For some users, OSX (whoops... MacOS) is becoming a real pain in the ass. They eliminated FTP and Telnet, and they make a number of things that used to be very easy downright painful. Every update I cringe because I need to figure out how to fix their broken implementation of SMB in the new version, make sure my local dhcp server for my office's non-routable VLAN is still intact...
It almost makes me long for systemd. j/k.
Re: (Score:2)
Yes, because you really want the average user who barely understands the difference between left and right mouse clicks, to have the ability to easily modify kernel modules.
Grow up.
Perfect response!
Re: (Score:2)
You'll need to get off your mother's tit before telling me to grow up, junior.
New kexts are not loaded nor protected by SIP initially, they are placed in StagedExtensions and show up in System Preferences>Security & Privacy where "average users" can authorize them.
If "average users" are authorizing kexts, there should also be a GUI for "average users" to remove them.
Re: (Score:2)
Thank you for demonstrating that you have no idea what you (or we) are talking about. We're talking about Kernel Extensions.
Maybe you should spend less energy being indignant, and more into researching what we're talking about.
mac os classic like BS no system wide uninstall sy (Score:2)
mac os classic like BS no system wide uninstall system.
Back then windows had the windows installer + 3rd party ones. and the system wide uninstall list.
Re: (Score:3)
Try cleaning up a Windows app that installed device drivers and crap in the registry, and whose uninstaller didn't clean-up these up properly. There's no need to get frothy mouthed about Apple when it's easy enough to contrive similar situations on other platforms. This kind of thing probably happens more frequently on other platforms.
Re: (Score:2)
Try cleaning up a Windows app that installed device drivers and crap in the registry, and whose uninstaller didn't clean-up these up properly. There's no need to get frothy mouthed about Apple when it's easy enough to contrive similar situations on other platforms. This kind of thing probably happens more frequently on other platforms.
Exactly!
Or, on Windows, just TRY to Delete/Rename/Anything-Else to a File that Windows has deemed "In use by another (unnamed) Process".
OMFG! THAT little all-too-easily-encountered "nicety" requires a Reboot, which is really fun when it happens on a frickin' Production File Server...
Re: (Score:2)
Lsof revision 4.89 lists on its standard output file information about files opened by processes for the following UNIX dialects:
Apple Darwin 9 and Mac OS X 10.[567]
FreeBSD 8.[234], 9.0, 10.0 and 11.0 for AMD64-based systems
Linux 2.1.72 and above for x86-based systems
Solaris 9, 10 and 11
Where the hell do you think Microsoft got the idea from? Their staff?
Re: So turn it off (Score:2)
Really? You'd be the first person who found it easy to find out how to unlock files like '$Extend\$RMMetadata\TXfLog' when you can't safely eject an external USB drive.
Re: So turn it off (Score:2)
And BTW, in case somebody comes across this via a Google search... this is most commonly resolved by going to Disk Manager and marking a drive offline first. This issue has been annoying and confounding people for years
Re: (Score:2)
It was amusing to watch the 7 digit /. user tell me to grow up. It's hilarious watching him try to snootily tutor you.
Re: (Score:2)
with imac pro you can't remove storage to offline (Score:2)
with imac pro you can't remove storage to remove it offline as well. Coming soon in mac os more lock down and down the road limited drivers for GPU's in TB docs. rootless = no updating built-in ATI drivers and no NVIDIA kexts
kextunload command... (Score:5, Informative)
does apple need an installer / uninstaller system? (Score:2)
does apple need an installer / uninstaller system? Like windows MSI?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
There are the special cases though. Ie, an older version of Office kept the Windows model of having a "common" directory. Other apps have non trivial files that have to go into "/Library/Application Support". Apple's own products often have a really complicated web of stuff that happens (ie, xcode-select).
Apple should have added some standard way to uninstall though, and I suspect they don't because it would mean acknowledging that not everything fits into the user-friendly application bundle model.
I'm u
Re: (Score:2)
Apple has a standard .pkg format and a standard tool for installing, but no standard way of uninstalling. Most apps are just bundles (folders that appear to be single files in the GUI unless you right-click and say 'show contents') and so are uninstalled by simply deleting them (and are installed by just dragging them to where you want them to live), so this isn't a problem for most things. It is annoying for other things though, and sufficiently annoying that there are third-party tools that will read th
Re: (Score:2)
Re: (Score:2)
Most "apps" are just directories that are self contained; drag it out of the install media to the install location, and to uninstall you drag it to the trash or delete from the command line.
The few apps that don't fit into that model are the ones that require a package method (ie, files go into both application and library folders). This is reasonably straight forward to install though, but the uninstall is difficult. I often find there's a readme file or a web support page describing how to uninstall and
Re: (Score:3)
It has a packaging system, or one just copies the app to the Applications folder. However, uninstalling is a completely different matter. macOS has no real standard way to uninstall packages, other than to drag the application to the trash, or click the x when the icons wiggle in the Launcher.
macOS really needs a better packaging system. What would be ideal is not just one that can handle installs and clean uninstalls, but to be able to back off updates without reinstalling, similar to AIX's installp. I
Re: (Score:2)
The problem here is that the application includes a kext (kernel module) for some purpose, and applications that include a kext cannot be distributed through Mac App Store.
Mac app store censorship and too much sandboxing (Score:2)
Mac app store has content censorship and too much sandboxing
Re: (Score:2)
Of course part of that is to disallow this specific situation from happening, where an application took what is arguably too many permissions and buried itself deep into your system.
If you want guaranteed cleanup, you're going to also get some restrictions on how much mess apps can make.
but the content censorship needs to go (Score:2)
but the content censorship needs to go
Re: (Score:2)
Do lots of users use the Apple Store for applications on a Mac? I know the iphone users do, but it seems somewhat rare on the Mac in my experience. So many tools I use are not on the store anyway, the store requires you to have an Apple ID, and it doesn't fit well into a corporate environment.
Re: (Score:2)
No, software needs to not rely on installers / uninstallers. I'm automatically suspicious of any bit of software that comes with an installer (on a Mac OS system), because most software doesn't need it: you copy the app to your applications folder (or, for that matter, anywhere you want) and that's it. That's all normal user applications should need. Anything that wants to "install" itself makes me wonder what kind of wonky shit it's doing to my system besides just putting an app into the applications folde
Re: (Score:2)
No, software needs to not rely on installers / uninstallers. I'm automatically suspicious of any bit of software that comes with an installer (on a Mac OS system), because most software doesn't need it: you copy the app to your applications folder (or, for that matter, anywhere you want) and that's it. That's all normal user applications should need. Anything that wants to "install" itself makes me wonder what kind of wonky shit it's doing to my system besides just putting an app into the applications folder.
I'm with you on that feeling.
The only exceptions to that rule are genuine Apple Applications. I trust them not to install a keylogger, etc.
There's a reason (Score:2, Informative)
I've stayed on El Capitan (tried Sierra - twice - and eventually rolled back to El Capitan - twice). Unfortunately it will stop getting security updates sometime this summer, though... at which point I'll have to pick my poison and "upgrade".
Re: (Score:2)
I would say the biggest reason to move to 10.13.x is for APFS. It took Apple a long time, but APFS is a decent filesystem. Of course, it would have been nice if Apple licensed ZFS way back when.
Re: (Score:2)
I would say the biggest reason to move to 10.13.x is for APFS. It took Apple a long time, but APFS is a decent filesystem. Of course, it would have been nice if Apple licensed ZFS way back when.
No.
It would have been nice if Oracle had just let ZFS remain Truly Free and Open.
Re: (Score:2)
I learned that the hard way. At least you can create an encrypted APFS volume and install macOS on that, but that doesn't help if it is a default install.
Apple just seems to like giving the middle finger to the enterprise. I'm guessing they expect IT to use MDM tools like JAMF than standard imaging practices.
Re: (Score:2)
Yep, that is why I don't always upgrade for major new versions.
Unix (Score:2)
Re: (Score:3)
no, SIP is Apple's own invention
buy Apple, get Apple weirdness.
still, we were given choice and I like the mac I have from my employer more than windows box I could have had.
Re: (Score:2)
Re:Unix (Score:5, Informative)
Re: (Score:2)
macosx had nothing like that though, SIP is recent
Why? (Score:2)
Back in the good old days you could force delete even OS stuff that would wreck the OS, and open files that would crash the computer. This made it easy to get rid of viruses.
Whether they changed this to stop OS problems, or to stop viruses from using it to install themselves, it made virus removal harder as virus writers coopted it to prevent their own removal, when the OS people no doubt thought they had the upper hand.
C'mon /. you're slipping (Score:2)
You know, SIP (Score:2)
Stop it people! Stop Insignificant postings!!
Mac sysadmin 101 (Score:2)
You unload the kernel extension, if not, boot into single user mode. How did the thing get there: you or your user installed it with an admin password. It's not a standard app that comes with OS X so there is no other way it got installed.
Cussedly (Score:2)
Disable SIP, Reboot, Delete App, Enable SIP, Reboo (Score:3)
SIP is there for your protection and the protection of OSX. [apple.com]
If you really want to get rid of the app, here is how to enable/disable SIP. [apple.com]
Apple is trying to clean things up under the covers. They have a new modern filesystem (APFS) added SIP back in El Cap which was a solid security move. I realize things have been a bit shaky lately, but I blame on moving 12,000 people into the new spaceship campus . I am surprised all the developers haven't quit. [dezeen.com]
As the space ship establishes a new workplace morphology, things will get better. Maybe the ex-NSA'ers will head to Apple and bolster security even more.
Re: (Score:2)
Windows has had something very similar since the XP days, where if one blows away a DLL, Windows silently copies it back.
Re: (Score:2)
That is for operating system files, not applications.
Re: (Score:2)
As is SIP, it's just that somehow the app was marked as a system file (technically, installed to a system directory). That latter part is the problem: seems like a malware magnet. It makes sense for parts of the kernel, but for apps?
Re: (Score:2)
It is a malware target, same as the similar feature in windows... There is plenty of windows malware that uses the system protection features to make removal difficult.
Re: (Score:3)
One more reason to stay with 10.9.5
The unreadable thin gray fonts of the latest versions being the primary reason.
Re:It's not your computer. It's Apple's (Score:5, Insightful)
Re: (Score:2)
Oddly, that's exactly what the post reference link says.
Glad you read it.
Too bad others didn't.
AC's are ignorant. (Score:5, Informative)
The reason SIP was protecting the kext is because it was loaded into the actively running kernel. Unload the kext with "kextunload kextfile" and it is no longer protected by SIP and can be removed.
Yes, Apple could make this easier do so without using a shell. Ex: By putting a button in Preferences>Security that pops up a window displaying loaded kexts in a list & a button to unload them.
Re: (Score:2)
The problem seems to be third party apps get installed easily, but don't refuse to be uninstalled afterwards without a lot of specialized knowledge. This rarely happened in the past I think because most apps didn't use kernel extensions and those that did usually required specialized instructions to install in the first place.
Definitely the error message should be changed to make it clear what's going on. OSX has been getting more inscrutable over time.
Re: (Score:2)
All true but (IIRC):
- New kexts need to be authorized to be moved from /Library/StagedExtensions to /Library/Extensions
- You authorize this in Security Preferences>Security & Privacy>General where all StagedExtensions show up
- Once you authorize the kext, it gets loaded (where they get protected by SIP) but poof, it never shows up in the Mac GUI anymore.
If there is a GUI to authorize new kexts, there should also be a GUI to unload them.
In my opinion any app that adds kexts like Bluestack should b
Re: (Score:2)
Did you mean Sergei Mikhailovich Eisenstein or did you write Albert Einstein's name wrong in an attempt to make your post double-funny?
Re: (Score:2)
Re: (Score:2)
As any seasoned Unix sysadmin knows: it's called single user mode. It avoids SIP, Gatekeeper and pretty much all kernel extensions. You can then kextunload or simply delete the file and (optionally) rebuild the kernel cache.
Re: (Score:2)
Re: (Score:2)
You can dream, but at the end of the day, lather, rinse repeat and it's still just Apple.
Oh, like no other OS has had the occasional weird permissions issue?
Gimme a break!
Re: (Score:2)
Re: (Score:2)
I wouldn't blame the emulator, blame Oracle. The emulator runs off a VirtualBox player VM. I have also found VirtualBox and VMWare to have kernel modules installed on my Mac as well.