Using dtrace on macOS with SIP enabled

<h2>The problem</h2>
<p>On all current macOS versions (Catalina 10.15.x, Big Sur 11.x), System Integrity Protection (<code>SIP</code>) is enabled by default and prevents most uses of <code>dtrace</code> and of other tools and scripts based on it (e.g. <code>dtruss</code>).</p>
<p>The usual way to make dtrace work on macOS is to <strong>boot into recovery mode</strong> and disable some of the SIP protections:</p>
<pre>csrutil enable --without dtrace</pre>
<p>However, this <strong>only</strong> works if you actually <em>can</em> boot into recovery mode &mdash; which isn&rsquo;t the case if your Mac is in a remote place and you can only access it through some sort of software-based Remote Desktop (e.g. VNC, Apple Remote Desktop, TeamViewer, etc.).</p>
<p>It&rsquo;s also not possible (at least not via self-service, to the best of my knowledge) to disable SIP on most Mac cloud providers, like <a href="https://aws.amazon.com/ec2/instance-types/mac/" rel="noopener ugc nofollow" target="_blank">AWS EC2</a>, <a href="https://flow.swiss/mac-bare-metal" rel="noopener ugc nofollow" target="_blank">Flow Swiss</a> or <a href="https://www.macstadium.com/" rel="noopener ugc nofollow" target="_blank">MacStadium</a>. The same goes for Mac CI runners on services like <a href="https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners" rel="noopener ugc nofollow" target="_blank">GitHub Actions</a>. (For AWS, support has confirmed that it&rsquo;s not possible at all.)</p>
<p><a href="https://poweruser.blog/using-dtrace-with-sip-enabled-3826a352e64b"><strong>Read More</strong></a></p>
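<p>Before planning around recovery mode on a remote Mac or a CI runner, it helps to know which state the machine is actually in. The script below is an added example, not code from the original post: it classifies the text printed by <code>csrutil status</code>. The function name and the sample outputs are constructed for illustration, and the layout of the per-protection lines is an assumption modelled on what <code>csrutil status</code> prints for a custom configuration.</p>

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads `csrutil status` output on stdin and reports whether SIP's DTrace
# restriction is in force. Prints: restricted | unrestricted | unknown
dtrace_sip_state() {
    awk '
        # Per-protection line; assumed to appear only for custom configurations.
        /DTrace Restrictions:/ {
            detail = ($NF == "disabled") ? "unrestricted" : "restricted"
        }
        # Summary line.
        /^System Integrity Protection status:/ {
            if ($0 ~ /status: enabled/)       summary = "restricted"
            else if ($0 ~ /status: disabled/) summary = "unrestricted"
        }
        END {
            # The per-protection line is more specific than the summary.
            if (detail != "")       print detail
            else if (summary != "") print summary
            else                    print "unknown"
        }'
}

# Constructed sample: default configuration, SIP fully enabled.
SAMPLE_DEFAULT='System Integrity Protection status: enabled.'

# Constructed sample: state after `csrutil enable --without dtrace`.
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
    Kext Signing: enabled
    Filesystem Protections: enabled
    Debugging Restrictions: enabled
    DTrace Restrictions: disabled
    NVRAM Protections: enabled'

printf 'default sample: %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | dtrace_sip_state)"
printf 'custom sample:  %s\n' "$(printf '%s\n' "$SAMPLE_CUSTOM" | dtrace_sip_state)"

# On a Mac, classify the live configuration as well.
if command -v csrutil >/dev/null 2>&1; then
    printf 'this machine:   %s\n' "$(csrutil status | dtrace_sip_state)"
fi
```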
Tags: dtrace macOS