I have a MacOS app bundle which is distributed as a DMG drag & drop installer. Recently the requirement of connecting to a VPN from inside the application got added, which works fine if the binary is called with sudo but not when launching from the .app bundle.
Is there any way of making this work forever with only asking for the user to authenticate the very first time?
The (strongly) recommended way of doing this is via a privileged helper tool, which can be installed from the app using SMJobBless(). Once installed, your app can communicate with the privileged tool using XPC, and the tool will always run with root privileges, while your app remains unprivileged.
Apple maintains a sample project on how to do this: