site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware [1] Well, there is bootstrap_unprivileged, but I've never seen it used. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... At 23:04 +0200 30/5/07, Serge Cohen wrote: PS : Another question is : is there anyway to see the difference between running in a deactivated namespace vs. an activated one but not having the necessary permissions to ope a port? Namespaces don't have permissions as such [1]: if you have a send right for a the namespace's, you can manipulate it. In my experience, a BOOTSTRAP_NOT_PRIVILEGED error always implies a deactivated namespace. At 23:04 +0200 30/5/07, Serge Cohen wrote: The only solution I've found so far is to write a small C program with set-uid to ROOT which first get to the root bootstrap namespace (the one attached to launchd process), then create a sub-namespace (using bootstrap_subset()) and then after going back to real-UID exec whatever I was trying to run. The best way to get into the root bootstrap is via <x-man-page://8/StartupItemContext>. Alternatively, you might look at bootstrap_parent (but I'd really prefer you use StartupItemContext). I'd strongly recommend against getting launchd's bootstrap. While this will give you the root bootstrap on current systems, it probably won't on future systems. But before getting into any of this, it would be a good idea to understand who is deactivating your bootstrap namespace and why. I don't know a lot about Xgrid, so I don't know the answer. Have you tried asking this over on xgrid-users? This email sent to site_archiver@lists.apple.com