Re: testing the current bootstrap context?
Re: testing the current bootstrap context?
- Subject: Re: testing the current bootstrap context?
- From: Bill Janssen <email@hidden>
- Date: Thu, 9 Apr 2009 08:03:40 PDT
- Comments: In-reply-to Terry Lambert <email@hidden> message dated "Thu, 09 Apr 2009 05:37:46 -0700."
Terry Lambert <email@hidden> wrote:
> On Apr 8, 2009, at 4:50 PM, Bill Janssen wrote:
> > The only way to do this in Leopard seems to be with launchd, which
> > seems
> > to do the right thing. The main problem with using launchd here is
> > that
> > users cannot manipulate their own server; you can either use a root
> > LaunchDaemon which only root can unload, or a user LaunchDaemon
> > which is
> > again fatally bound to the login bootstrap context.
>
> Actually, Damien pointed out that you can call bootstrap_subset(), but
> I imagine you might consider this to count as "fatally bound", with it
> being an inferior member of the hierarchy of that context.
Right. The problem is that the user eventually logs out, so anything
that's inherited from the login bootstrap context will start
experiencing failures. We noticed this some months ago when we couldn't
resolve DNS addresses in the daemon, but couldn't figure out at the time
just why.
> You could always have a root LaunchDaemon that owned the context via
> bootstrap_subset(), and it could voluntarily respond to outside proxy
> requests to manipulate it from non-root users, which is effectively
> how loginWindow handles it, and how the per-user launchd handles it.
> The model is a little more complicated, but it would work.
Yes, thanks for the idea. Though I'm guessing that at this point more
developers would turn to setuid scripts -- which is perhaps another
reason to provide a more comprehensive strategy.
Bill
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden