“bad interpreter: Operation not permitted” Error on El Capitan
My team is writing a Mac OS application that needs to call a shell script in an external directory.
The application works fine on Yosemite (10.10.3). However, if I run it on El Capitan (10.11.2), the application gets errors like this from the script:
/bin/bash: <path-to-script>: /bin/sh: bad interpreter: Operation not permitted
I can trigger this error on a simple script like this:
#!/bin/sh
echo "Hello World!"
I do not get an error if I run the scripts manually from the Terminal.
The application opens the script directory using a filechooser. I confirmed that the application can read other files from this directory.
Changing /bin/sh to /bin/bash or a copy of /bin/sh on a different path gives the same error with the new interpreter path.
A coworker tested this issue on a El Capitan machine with System Integrity Protection disabled, but he got the same error.
I am installing the test application from a .pkg file. The entitlements are:
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
Adding the com.apple.security.files.user-selected.executable entitlement did not make a difference
If I try to run the .app that is generated in an intermediate step in the package build, I am able to run the script with no errors.
The question below describes a similar error. However, I checked both the application and the script, and I found that neither one had the com.apple.quarantine attribute set.
Mac OS: /usr/bin/env: bad interpreter: Operation not permitted
--- UPDATE ----
We added two more in PKG entitlement list:
<key>com.apple.security.scripting-targets</key>
<true/>
<key>com.apple.security.temporary-exception.apple-events</key>
<true/>
We tried to run the simple .sh file by an AppleScript (.scpt) file (stored in application directory), we also confirmed that the .sh file nor the .scpt file has any extended attribute as well, but we still have that error.
Following shows ls -@Oel commands on both AppleScript and shell script file respectively.
$ ls -@Oel TestMXMLCall.scpt
-rwxrwxrwx 1 root wheel - 2302 Jun 15 03:12 TestMXMLCall.scpt
$ ls -@Oel /usr/local/bin/mxmlc
-rwxr-xr-x 1 santanukarar staff - 2190 Jun 15 01:17 /usr/local/bin/mxmlc
Answer
try this:
$ ls -l@ whereverthescriptis
If it says it's got com.apple.quarantine, that's the problem. Run one of these on it, from least dangerous to most:
$ xattr -d com.apple.quarantine whereverthescriptis # delete that attr
$ xattr -c whereverthescriptis # delete ALL the attrs on file
$ xattr -c * # on every file in this dir
$ xattr -cr . # and all subdirectories