On Mar 17, 2009, at 9:27 AM, Stuart Crook wrote:
Hi. Could someone help me understand _vprocmgr_move_subset_to_user() and the environmental conditions which cause a call to it to fail.
To explain the context: I'm working with the PureDarwin (www.puredarwin.org ) team, and we've almost got an mutil-user environment up and running. The system is running in standard (ie. not single-user) mode, with the user as root (uid=0, gid=0). A number of daemons including launchd, securityd and DirectoryService are active. "login" will run but fails with the message "Cannot make/remove an entry for the specified session". I've traced the failure down to the pam_launchd module (part of the pam_modules project in Darwin), and specifically to a call to _vprocmgr_move_subset_to_user() (no other failure in this module will produce the exact error code I'm seeing).
The following error messages are printed to the system error log:
Mar 17 16:50:57 VMDarwin com.apple.launchd[1] (com.apple.launchd.peruser.1000[95]): Root Mach bootstrap cannot be transferred. Mar 17 16:50:57 VMDarwin login[94]: USER_PROCESS: 94 ttys000 Mar 17 16:50:57 VMDarwin com.apple.launchd[95] (0x1010b0.login[94]): Bug: launchd_core_logic.c:6292 (23646):1100: kr == 0
_vprocmgr_move_subset_to_user() is being called with arguments uid=1000 and session_type="StandardIO" (the default, I believe). I've tried following the source (from 258.19) but become lost when I can't find vproc_mig_swap_integer().
So, bearing in mind that this is a version of Darwin assembled from pieces rather than OS X, can anyone suggest why creating a user session like this may fail? What steps do we need to take to assemble an environment which will allow user session creations? Any and all help will be appreciated.
(And if you'd like to assemble your own test environment, grab the VMWare image from http://sites.google.com/a/puredarwin.org/puredarwin/downloads/xmas and then follow the instructions here: http://sites.google.com/a/puredarwin.org/puredarwin/developers/network ).
login is calling into pam_launchd, which calls into _vprocmgr_move_subset_to_user(), and it resides in the root Mach bootstrap, i.e. the bootstrap provided by the PID 1 launchd. The SPI is calling "_vprocmgr_move_subset_to_user()" because it moves a bootstrap subset, not a root bootstrap. So have login call the Security framework's SessionCreate() SPI before calling into pam_launchd. That should do the trick. For the record, I desperately want to remove this SPI in SnowLeopard. -- Damien Sorresso BSD Engineering Apple Inc.