On 29 Aug 2020, at 05:44, Satish Balay via petsc-dev <[email protected]<mailto:[email protected]>> wrote:
Likely firewall is disabled. I've recently rebuild a bunch of boxes - and don't remember explicity disabling firewall. [well I did something to enable ssh - maybe that was disabling firewall] I see the firewall is disabled on all of them balay@ypro ~ % defaults read /Library/Preferences/com.apple.alf globalstate 0 balay@ypro ~ % Ref: https://raymii.org/s/snippets/OS_X_-_Turn_firewall_on_or_off_from_the_command_line.html BTW: Perhaps the following setting will prevent popups? [but it might break stuff that need network?] sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 2 2 = on for essential services https://discussions.apple.com/thread/3148672 So I don't think that's an option for normal people - I don't think anybody is keen to limit the network functionality on their laptop (e.g. disable Spotify) just for sake of PETSc testing. So I still think the automated targeted firewall rules I propose are better for most guys. The question is how much automated solution we want to offer. Vaclav Satish On Fri, 28 Aug 2020, Matthew Knepley wrote: Which OS is this? It does not happen on my Catalina. Thanks, Matt On Fri, Aug 28, 2020 at 10:52 PM Barry Smith <[email protected]<mailto:[email protected]>> wrote: On Aug 28, 2020, at 3:47 PM, Jed Brown <[email protected]<mailto:[email protected]>> wrote: "Hapla Vaclav" <[email protected]<mailto:[email protected]>> writes: On MacOS, maybe you also have lots of firewall popups appearing/disappearing when running tests like Do you want the application "ex29" to accept incoming network connections? Is there a way to express that the application does not need (should not accept) incoming connections? Yes, this also seems to work: sudo $$FW --block $$APP instead of sudo $$FW --unblock $$APP The parallel program still runs correctly to conclusion without the popup. So my conclusion is that at listen() or some later system call it always pops up the window (unless the user as already blocked or unblocked the executable) without regard to whether an outside (from the machine) connection to the process is attempted. The routine has an undocumented option -a <listen or accept> when you run with /usr/libexec/ApplicationFirewall/socketfilterfw -d -a accept it prints ASKWHENACCEPT which seems to indicate it will delay the popup until an accept is called but I can't confirm this because the debugger never stops in accept on one process but the popup still comes up so this argument may be ignored. If I were Junchao I would not do the popup until the code tried to accepted an EXTERNAL connection (the lazy evaluation) but I cannot get it to behave this way. If I disconnect from the network I still get the popups. The pop up is asynchronous also, when the popup is still up the program keeps run (even in parallel) and ends normally. Then the popup disappears. Apple could make this friendly without hurting security but then Apple never cared about external developers for the Mac. Normalizing sudo during build/testing seems really bad.
