Welcome to the new unified Determinate docs experience!
TroubleshootingInstalling Nix fails with `SUIS premount dissented`

Installing Nix fails with SUIS premount dissented

Nix users on macOS in some enterprises may see the following error:

The following macOS configuration profile includes a ‘Restrictions - Media’ policy, which interferes with the Nix Store volume:

A computer-wide profile:

  • Name: Don’t allow mounting internal devices
  • Version: 1
  • ID: Grahams-MacBook-Pro.F2204C07-A533-47D1-B4AA-47E7A3A0A35A
  • UUID: F2204C07-A533-47D1-B4AA-47E7A3A0A35A
  • Installation Date: 2024-05-02 20:48:54 +0000

Users of the nixos.org Nix installer will see a much more cryptic error:

Volume on disk3s7 failed to mount: "SUIS premount dissented"

Or, on older versions of the Determinate Nix Installer:

Failed to execute command with status 1 `"/usr/sbin/diskutil" "mount" "Nix Store"`, stdout:
      stderr: Volume on disk3s7 failed to mount: "SUIS premount dissented"

Background

“SUIS premount dissented” is an obscure error indicating that the SystemUIServer has a policy preventing the disk from being mounted. The SystemUIServer’s policies are distributed through MDM and macOS Profiles.

A dissenting policy may look like this, where mounting internal hard disks is denied:

<key>PayloadType</key>
<string>com.apple.systemuiserver</string>
 
<key>PayloadContent</key>
<dict>
    <key>mount-controls</key>
    <dict>
        <key>harddisk-internal</key>
        <array>
            <string>deny</string>
        </array>
    </dict>
</dict>

SystemUIServer policies are deprecated since macOS 11, but continue to remain effective in later versions of macOS.

Resolution

Your MDM administrator should create an exception to this policy for machines running Nix. macOS machines running Nix should not set this policy option.

External Resources