Apple’s macOS UNIX certification is a lie
Wednesday, January 29, 2025, 23:34, by OS News
As an online discussion grows longer, the probability of someone mentioning macOS is a UNIX approaches 1. In fact, it was only late last year that The Open Group announced that macOS 15.0 was, once again, certified as UNIX, continuing Apple’s long-standing tradition of certifying macOS releases as “real” UNIX®. What does any of this actually mean, though? Well, it turns out that if you actually dive into Apple’s conformance statements for macOS’ UNIX certification, it doesn’t really mean anything at all.
First and foremost, we have to understand what UNIX certification really means. In order to be allowed to use the UNIX trademark, your operating system needs to comply with the Single UNIX Specification (SUS), which specifies programming interfaces for C, a command-line shell, and user commands, more or less identical to POSIX, as well as the X/Open Curses specification. The latest version is SUS version 4, originally published in 2008, with amendments published in 2013 and 2016, which were rolled up into version 4 in 2018. The various versions of the SUS that exist, in turn, correspond to a specific UNIX trademark. In table form:

| Trademark | SUS version | SUS published in | SUS last amended in |
| UNIX® 93 | n.a. | n.a. | n.a. |
| UNIX® 95 | Version 1 | 1994 | n.a. |
| UNIX® 98 | Version 2 | 1997 | n.a. |
| UNIX® 03 | Version 3 | 2002 | 2004 |
| UNIX® V7 | Version 4 | 2008 | 2016 (2018 for roll-up) |

When you read that macOS is a certified UNIX, which of these versions and trademarks do you assume macOS complies with? You’d assume they would just target the latest trademark and SUS version, right? This would allow macOS to carry the UNIX® V7 trademark, because they would conform to version 4 of the SUS, which dates to 2016. The real answer is that macOS 15.0 only conforms to version 3 of the SUS, which dates all the way back to the ancient times of 2004, and as such, macOS is only UNIX® 03 (on both Intel and ARM). However, you can argue this is just semantics, since it’s not like UNIX and POSIX are very inclined to change.

So now, like the UNIX nerd that you are, you want to see all this for yourself. You use macOS, safe in the knowledge that unlike those peasants using Linux or one of the BSDs, you’re using a real UNIX®. So you can just download all the test suites (if you can afford them, but that’s a whole different can of worms) and run them, replicating Apple’s compliance testing, seeing for yourself, on your own macOS 15 installation, that macOS 15 is a real UNIX®, right?
Well, no, you can’t, because the version of macOS 15 Apple certifies is not the version that’s running on everyone’s supported Macs. To gain its much-vaunted UNIX certification for macOS, Apple cheats. A lot.

The various documents Apple needs to submit to The Open Group as part of the UNIX certification process are freely available, and mostly it’s a lot of very technical questions about various very specific aspects of macOS’ UNIX and POSIX compliance few of us would be able to corroborate without extensive research and in-depth knowledge of macOS, UNIX, and POSIX. However, at the end of every one of these Conformance Statements, there’s a text field where the applicant can write down “additional, explanatory material that was provided by the vendor”, and it’s in these appendices where we can see just how much Apple has to cheat to ensure macOS passes the various UNIX® 03 certification tests.

In the first of these four documents, Internationalised System Calls and Libraries Extended V3, Apple’s “additional, explanatory material” reads as follows:

Question 27: By default, core file generation is not enabled. To enable core file generation, you can issue this command:

    sudo launchctl limit core unlimited

Testing Environment Addendum: macOS version 15.0 Sequoia, like previous versions, includes an additional security mechanism known as System Integrity Protection (SIP). This security policy applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.

To run the VSX conformance test suite we first disable SIP as follows:
– Shut down the system.
– Press and hold the power button. Keep holding it while you see the Apple logo and the message “Continue holding for startup options”
– Release the power button when you see “Loading startup options”
– Choose “Options” and click “Continue”
– Select an administrator account and enter its password.
– From the Utilities menu in the Menu Bar, select Terminal.
– At the prompt, issue the following command: “csrutil disable”
– You should see a message that SIP is disabled. From the Apple menu, select “Restart”.

By default, macOS coalesces timeouts that are scheduled to occur within 5 seconds of each other. This can randomly cause some sleep calls to sleep for different times than requested (which affects tests of file access times) so we disable this coalescing when testing. To disable timeout coalescing issue this command:

    sudo sysctl -w kern.timer.coalescing_enabled=0

By default there is no root user. We enable the root user for testing using the following series of steps:
– Launch the Directory Utility by pressing Command and Space, and then typing “Directory Utility”
– Click the Lock icon in Directory Utility and authenticate by entering an Administrator username and password.
– From the Menu Bar in Directory Utility:
– Choose Edit -> Enable Root User. Then enter a password for the root user, and confirm it.
– Note: If you choose, you can later Disable Root User via the same menu.

↫ Apple’s appendix to Internationalised System Calls and Libraries Extended V3

The second conformance statement, Commands and Utilities V4, has another appendix, and it’s a real doozy (the […] indicate repeat remarks from the previous appendix; I’ve removed them for brevity):

Testing Environment Addendum:

[…]

By default, the APFS file system updates a file’s atime lazily. To run the Conformance Test Suites, or more generally to get UNIX Standard atime behavior, mount the test partitions (including /System/Volumes/Data) with the “strictatime” option:

    mount -o strictatime

APFS file systems can be formatted as either case-sensitive or case-insensitive. Always format as case-sensitive for UNIX Conformant behavior.

macOS has a file indexing service, Spotlight, that runs in the background and may affect file access times. For UNIX Conformance Testing we disable Spotlight. You can do that with this command:

    sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist

Spotlight can be re-enabled with:

    sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist

[…]

[…]

In macOS Sequoia the root volume is authenticated and immutable. Because of this, and because of the way that you have to configure uucp, you should take the following steps before using uucp (and we do these before running the uu* tests):
– Copy the following binaries from /usr/bin to /usr/local/bin: uucp, uuname, uustat, uux
– Copy the following binaries from /usr/sbin to /usr/local/bin: uucico, uuxqt
– In /usr/local/bin, turn on the setuid bit for these binaries:

    sudo chmod +s /usr/local/bin/uu*

  (This is the step that you cannot perform within /usr/bin or /usr/sbin)
– Add /usr/local/bin to your PATH preceding /usr/bin and /usr/sbin
– Enable the uucp service:

    sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.uucp.plist

↫ Apple’s appendix to Commands and Utilities V4

The third and fourth conformance statements have no appendix.

Interestingly enough, on top of the appendices, Apple also has four “Temporary Waivers”. These are waivers granted at the sole discretion of The Open Group for a “limited number of implementation errors” that are “demonstrated to be of a minor nature, with negligible impact on interoperability or portability”. These are valid for 12 months, after which the applicant must have removed the errors from its product.
These waivers, and their resolutions, must be made public, but I think they’re only made public to registered, paying customers – so I can’t download them to take a look at them. I honestly doubt these are particularly interesting, but I figured I’d mention it anyway.

So, if you want your installation of macOS 15.0 to pass the UNIX® 03 certification test suites, you need to disable System Integrity Protection, enable the root account, enable core file generation, disable timeout coalescing, mount any APFS partitions with the strictatime option, format your APFS partitions case-sensitive (by default, APFS is case-insensitive, so you’ll need to reinstall), disable Spotlight, copy the binaries uucp, uuname, uustat, and uux from /usr/bin to /usr/local/bin and the binaries uucico and uuxqt from /usr/sbin to /usr/local/bin, set the setuid bit on all of these binaries, add /usr/local/bin to your PATH before /usr/bin and /usr/sbin, enable the uucp service, and handle the mystery issues listed in the four Temporary Waivers. Then, and only then, is your macOS 15.0 actually UNIX® 03-certified.

This is batshit insane. I can guarantee you with 100% certainty not a single macOS installation in the entire history of macOS – let alone when just counting macOS 15.0 – has implemented even half of these changes. I’m sure there is a small number of people who have System Integrity Protection disabled permanently, and an even smaller number of people who have enabled the root account, and an even smaller number of people who have done both of those things – but that’s it. All the other changes are far too obscure and specific to be of any use to anyone.

For fairness’ sake, I also took a look at the Conformance Statements for some of the other UNIX-certified operating systems.
The only operating system and version that is UNIX® V7-certified is IBM’s AIX 7.2 TL5 (or later), and it has just one note from IBM, containing a single change you need to apply to AIX 7.2 TL5 to pass the UNIX® V7 certification process:

Full response to Question 28: The AIX default socket listen queue length is 1024, the maximum is 32767, the value must be modified by using the “no -o somaxconn=5” command to set UNIX03 conforming length of 5.

↫ IBM’s appendix to Internationalised System Calls and Libraries Extended V4

Looking at one of the other UNIX® 03-certified operating systems, there’s HP-UX 11.31 for Itanium, which does have some remarks in its appendices, but they’re informative, and don’t specify any changes that need to be applied to HP-UX to make it pass UNIX® 03 certification testing. For Solaris, there’s a ton of remarks about the differences between Solaris for x86 and Solaris for SPARC, including differences between the 32bit and 64bit variants of those architectures, but that’s it for Solaris. AIX, HP-UX, and Solaris do not require any meaningful changes to pass UNIX certification testing.

I can only conclude that macOS 15.0’s UNIX® 03-certification is a lie. If you need to implement this many drastic changes to your operating system to make it pass the UNIX® 03-certification tests, you’re really not UNIX® 03-compliant.

Let me be very clear that this is not some sort of “gotcha!”, scandal, or “-gate”; UNIX-certification for macOS is not some sort of diabolical marketing scheme devised by C-level executives at Apple, trying to lure unsuspecting customers into buying Macs because they’re UNIX-certified. I doubt Tim Cook even knows who on earth The Open Group are. The cold and harsh truth is that literally nobody but a few nerds like us care about this, and even then the level of care we display is minute.
I do think, however, that this puts some serious question marks around just how valuable the UNIX trademark really is, and what it really means for an operating system to be UNIX-certified. If macOS can be a “real” UNIX when literally not a single macOS installation in the world can even pass the certification tests to begin with, what are we really doing here?

This makes one wonder why Apple is allowed to list this many onerous caveats and still be granted the right to use the UNIX® 03 trademark, and I honestly have no idea. The Open Group and its certifications do have an air of pay-to-play, but Apple is only a silver member, which costs a measly $22000 per year – an absolute pittance for Apple. The costs for certification can add up to a bit more depending on which parts Apple uses, but at most it’ll be a few hundred thousand dollars per year, but more likely much less than that. All in all, a total pittance for Apple, and looking at the huge list of gold and silver members, as well as the massive names that are platinum members, losing Apple as a member would barely be a blip on The Open Group’s radar. The silver members alone generate several millions of dollars in revenue each year, so Apple’s contributions really don’t seem all that consequential.

I think the reality is a lot less exciting: deep inside Apple there are probably still a few hardcore UNIX people who do actually really care about this, and they clearly don’t mind spending some work time keeping the certification train going. While the certification document for ARM was written by a fairly new Apple software engineer in the CoreOS group, Mansi Agarwal (who joined Apple in June of 2023), the certification documents for macOS on Intel were written by Fred Zlotnick, who joined Apple in 2015, and has a long history working on UNIX products.
He worked at a company called Mindcraft from 1989 to 1995, which was an Accredited POSIX Testing Laboratory, then spent almost 15 years working for Sun Microsystems on the Solaris operating system, leading teams of dozens of kernel engineers. While at Sun, he worked on the core I/O subsystem of Solaris, the InfiniBand stack, things like the IP, TCP and UDP stacks, ZFS, and more. After a few short stints at other companies, including leading an Illumos kernel team at Nexenta, he ended up at Apple, where he would work until his retirement in 2023. That’s some serious pedigree, and it’s not difficult to imagine people like that don’t mind breaking, twisting, turning, and mangling macOS to somehow still hammer it through a UNIX-shaped hole. The question is, though, for how long?
https://www.osnews.com/story/141633/apples-macos-unix-certification-is-a-lie/
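Several of the changes in Apple’s addenda (SIP disabled, timer coalescing off, setuid copies of the uucp tools in a directory searched before /usr/bin) are also settings a defender would want to know about if they turned up on an ordinary Mac. As an added example, not code from the article or from Apple’s conformance statements, the script below reports those three; the function names and finding messages are made up for this illustration, and each check takes its input as an argument so it can be exercised on constructed values.

```sh
#!/bin/sh
# Added example (not Apple's or OSNews' code): report whether a host carries
# settings from the testing addenda. Inputs are passed in so it runs offline.

# sip_state TEXT: classify the text printed by `csrutil status`.
sip_state() {
    case "$1" in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# path_precedes DIR PATHVALUE: true if DIR is listed ahead of /usr/bin and /usr/sbin.
path_precedes() {
    rest=":$2:"
    before=${rest%%":$1:"*}                 # entries ahead of DIR's first occurrence
    [ "$before" != "$rest" ] || return 1    # DIR is not in PATHVALUE at all
    case "$before:" in
        *:/usr/bin:*|*:/usr/sbin:*) return 1 ;;
    esac
    return 0
}

# uucp_setuid_copies DIR: print each of the six uucp tools found in DIR with setuid set.
uucp_setuid_copies() {
    for name in uucp uuname uustat uux uucico uuxqt; do
        [ -f "$1/$name" ] && [ -u "$1/$name" ] && echo "$name"
    done
    return 0
}

# findings SIP_TEXT COALESCING PATHVALUE DIR: one line per deviation, nothing if clean.
findings() {
    [ "$(sip_state "$1")" = enabled ] || echo "SIP is not enabled"
    [ "$2" = 0 ] && echo "timer coalescing is disabled"
    copies=$(uucp_setuid_copies "$4" | tr '\n' ' ')
    if [ -n "$copies" ]; then
        echo "setuid uucp copies in $4: $copies"
        path_precedes "$4" "$3" && echo "$4 precedes the system directories in PATH"
    fi
    return 0
}

# Live run, macOS only; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then
    findings "$(csrutil status 2>&1)" \
        "$(sysctl -n kern.timer.coalescing_enabled 2>/dev/null)" "$PATH" /usr/local/bin
fi
```

The PATH line is only printed alongside a setuid finding, because /usr/local/bin ahead of /usr/bin is not unusual by itself.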