Re: launchd daemon, spawning children?
Re: launchd daemon, spawning children?
- Subject: Re: launchd daemon, spawning children?
- From: Mario Emmenlauer <email@hidden>
- Date: Fri, 26 Sep 2008 00:20:18 +0200
Hi Damien,
Damien Sorresso wrote:
On Sep 25, 2008, at 9:40 AM, Mario Emmenlauer wrote:
4) Using launchd() works great:
launch_data_t msg = launch_data_alloc(LAUNCH_DATA_DICTIONARY);
launch_data_dict_insert(msg,launch_data_new_string("com.c.App"),
LAUNCH_KEY_STARTJOB);
launch_data_t resp = launch_msg(msg);
but I am missing an interface to set the user. Of course a fixed user
can be chosen in the plist, but then its not dynamic. Also, I can
start an app as root with launchd and setuid from within this app, but
if someone exchanges the app, he will gain root access.
See launchd.plist(5). You can only set a UserName key in a daemon
running under the system launchd.
launchd.plist(5) actually makes no statements on the launch.h API :-(
The API seems quite undocumented. From your answer I deduce that one can
not set up or change launchd.plist's dynamically through launch.h API
calls.
Though if you're looking to launch applications in user sessions from a
root-owned daemon, you're almost certainly going about it wrong. To
launch an application in a user session, you first have to get that
user's session up and running if it isn't already. We don't want
third-party developers trying to bootstrap user sessions.
Ok, that are some hard facts!
I would strongly suggest creating an agent that runs for every user, is
limited to the Aqua session, listens for events and launches the
appropriate application using the appropriate high-level APIs found in
the LaunchServices or AppKit frameworks.
It sounds like good advice, but you're leaving me half way. My situation
is that of a server environment with many users and almost no GUI login.
You are right, a per-user pre-login launchd agent would be a solution, but
it would also come with several drawbacks:
1) a 'manager-daemon' is needed anyways, for centralized network I/O
2) pre-login Agents are only available since Mac OS 10.5, while many of
our users have not yet upgraded
3) One agent per user can be a lot, in large server environments. Leaving
them running is too much, and starting them up via launchd is a lot
slower than the fork/exec or posix_spawn.
I will start by reading (thanks, Garth :)
http://developer.apple.com/technotes/tn2005/tn2083.html#SECDAEMONOMICON
again. Maybe setting up a dedicated user and a single dedicated daemon is
best for me. Thanks for pointing me to the issue of bootstrapping user
sessions in a daemon!
Cheers,
Mario
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden