(UPDATE: 9 /) / 5: 00 CST – This article will be continuously updated until a solution is found and is a work in progress.
# Varsectomy FAQ- Index
- 1. What is theissue?– #Varsectomy
- 2. Which macOS Versions are affected?
- 3.Specific Mac Hardware?
- 4.SIP – System Integrity Protection
- Avid orGoogle Chrome Keystone Update causing this issue?
- 6. How can I check my / var symlink?How can I fix the issue?
- 8.Jamf Pro Extension Atribute
- 10.Credit– Further investigation by #MacAdmins
1. What is the Issue?– #Varsectomy
Late Yesterday #MacAdmins started to report that some of their systems would not boot. They would have the following issue.
- 1. After rebooting the affected system it would Kernel Panic. The system will reboot only to KP again
- 2. User Logs out and the system shows the Setup Assistant.
- 3. The System Kernel Panics into a boot Loop.
Join the #Varsectomy channel in MacAdmins Chat for the latest findings!
2.Which macOS Versions are affected?
MacOS (********************************************************************************. 9 – 10. 14 Mojave
NOTE: macOS 10 .9 & 10. 10 so not have SIP. System Integrity Protection was introduced in macOS 10. 11 El Capitan.
3.Specific Mac Hardware?
At first it was first reported that the 2013 Mac Pro was affected, this is not true.
Now it seems the issue affectsall Macs that have SIP (System Integrity Protection ) Disabled or turned OFF
Check if SIP is enabled by running
System Integrity Protection status: enabled.
System Integrity Protection status: disabled
4. SIP – System Integrity Protection
All Reports so far look to be from Macs that have SIP Disabled!
Please do not disable SIP, it was created to protect macOS from this very issue.
5.AVID or Google Chrome Keystone Update causing this issue?
Looks like the issue isNOT AVID! Some AVID users may need to DISABLE SIP for 3rd party Video Card support.
After investigation from some of the top minds in theMacAmins Slack Chat#varsectomy channel it was found that the Google Keystone Updater was at the heart of the issue.
You can run the Google Chrome Keystone Updater Manually to see what happens.
~ / Library / Google / GoogleSoftwareUpdate / GoogleSoftwareUpdate.bundle / Contents / Resources / GoogleSoftwareUpdateAgent.app / Contents / MacOS / GoogleSoftwareUpdateAgent -runmode oneshot
Thank youeholtamfor the VM investigation and Screenshots!
After kicking off the update you can see the problem below.
Found and deleted symlink at path / var
6. How do I check my / var symlink?
Check to see if your / var symlink was modified by running the following command.
ls -ldO / var
You should get one of the following outputs. The first one below means that your / var volder is SIP protected (notice the
restrictedflag) and the proper sym link / var ->private / var
lrwxr-xr- x @ 1 root wheel restricted, hidden Apr 1 2018 / var ->private / var
The next one means that your symlink is broken and the folder is NOT SIP Protected.
drwxr-xr- x 5 503 wheel - (Sep 24 14: 37 / var
You will have to boot into recovery, repair the / var symlink and reset the restricted flags.
7. How can I fix the issue?
Fix from MacAdmins UserJuest
First you have to fix the / var symlink so it shows
/ var ->private / var
Then you have to remove the affected
1. Boot into Recovery 2. Launch Terminal # chroot / Volumes / [affected install] # mv var vv # ln -s private / var var # chflags -h restricted / var # chflags -h hidden / var # xattr -sw com.apple.rootless "" / var remove launch agents from / Users / [affected user] / Library / LaunchAgents / - com.google.keystone.agent.plist - com.google.keystone.xpcservice.plist # exit (recommended) # csrutil enable 8. Reboot
8. Jamf Pro Extension Attribute
This will help you find machines that are in a state where the / var sys link is broken. Thanks @neilmartin 83
#! / bin / bash
if [[ -h /var ]]; then
echo " (symlink) "
elif [[ -d /var ]]; then
Below are a few of the reports. It first started out as “AVID Hollywood Mac Pro boot problem“.
10. Credit! – Further investigation by #MacAdmins
- @rtrouton for the cool / var Logo!
- @ bradtchapman for #Varsectomy
- @ eholtam for investigation and screen shots.
- All active users in MacAdmins Chat #varsectomy