OS X El Capitan Introduces System Integrity Protection
Released September 30, 2015, OS X 10.11 shipped with SIP enabled by default — restricting even the root user from modifying protected system files.
OS X El Capitan (10.11), released on September 30, 2015, introduced System Integrity Protection (SIP) — sometimes referred to informally as “rootless” — enabled by default on every supported Mac.
What changed with this release
Before SIP, the root user (or anyone with sudo access) had essentially unrestricted ability to modify any system file, directory, or process on a Mac. SIP changed that at the kernel level: protected system files and directories became off-limits to modification by any process lacking a specific Apple-granted entitlement, regardless of whether that process was running as root. This was a deliberate response to a real, ongoing category of macOS malware that relied on exactly this kind of unrestricted root access to persist on infected systems by modifying core system components.
Why this was a significant release, not just an incremental one
Introducing a restriction this fundamental — one that changes what root itself is allowed to do — is a rare kind of platform change, and it necessarily broke some existing third-party software and workflows that had relied on modifying protected system locations. Apple shipped SIP as an OS-level default specifically because the security benefit (closing off an entire class of persistence technique for malware) was judged to outweigh that transition friction.
How this fits into Apple’s broader security trajectory
SIP’s introduction in El Capitan set a pattern Apple has continued extending since: mandatory, kernel-enforced restrictions that apply even to privileged users, layered on top of (not replacing) the traditional discretionary permission model. The same underlying philosophy — restrict even root, by default, at the kernel level — later extended into related protections covering additional system locations and, on Apple Silicon Macs, an even more thoroughly chained secure boot process from firmware onward.
Sources: System Integrity Protection — Wikipedia, About System Integrity Protection on your Mac — Apple Support