Update: I made an incorrect assumption regarding SIP and the change with 10.12.4. This post has been corrected. Thanks Patrick Gallagher and Pepijn Bruienne for pointing out the mistake.

New with 10.12.4, Apple has decided to protect the locationd LaunchDaemon with System Integrity Protection (SIP).

If you are not aware the locationd daemon is used for Location Services. This is the process that drives: FindMyMac, “Set time zone automatically using current location”, it allows applications to locate your computer, and more.

Some points to take away from this change:

  1. this modification happened during a point release
  2. this restricts the ability to load and unload the daemon in any automated fashion
  3. this breaks many of the bash scripts floating around that are used to enable the auto time zone feature

With 10.12.4 Apple has removed the locationd service from the RemovableServices dictionary in /System/Library/Sandbox/ You can see the full diff here. Over 400 other services have also been removed from this list. However, a handful of services have been added to this list.

This means you are no longer able to unload the daemon with:

sudo launchctl unload /System/Library/LaunchDaemons/

If you try you will receive the following error:

/System/Library/LaunchDaemons/ Operation not permitted while System Integrity Protection is engaged

As a bonus the above unload will result in an exit 0 if you check via:

echo $?

You can also verify that the service is indeed running with:

sudo launchctl list | grep locationd

Seeing as how you might want to make changes to location services you work around this restriction with a killall -9 locationd. At least for now…

Hat tap to Michael Pinto (@pintom) and Balmes Pavlov (@bp) for the ping that lead to this discovery in the MacAdmins Slack.