Merge pull request #20400 from nirs/bootpd-check-macos-15

medyagh · web-flow · commit 8c8c23b1f90d · 2025-02-11T10:09:35.000-08:00
Fix bootpd check on macOS &gt;= 15
diff --git a/pkg/minikube/firewall/firewall.go b/pkg/minikube/firewall/firewall.go
@@ -46,6 +46,16 @@ func IsBootpdBlocked(cc config.ClusterConfig) bool {
 	if regexp.MustCompile(`Firewall is disabled`).Match(out) {
 		return false
 	}
+	out, err = exec.Command("/usr/libexec/ApplicationFirewall/socketfilterfw", "--getallowsigned").Output()
+	if err != nil {
+		// macOS < 15 or other issue: need to use --list.
+		klog.Warningf("failed to list firewall allowedsinged option: %v", err)
+	} else {
+		// macOS >= 15: bootpd may be allowed as builtin software.
+		if regexp.MustCompile(`Automatically allow built-in signed software ENABLED`).Match(out) {
+			return false
+		}
+	}
 	out, err = exec.Command("/usr/libexec/ApplicationFirewall/socketfilterfw", "--listapps").Output()
 	if err != nil {
 		klog.Warningf("failed to list firewall apps: %v", err)
