launchd daemon launch delayed when (Snow) Leopard Server Firewall is on (port is open)
We've found a problem with Daylite Server that if we turn on the Leopard Server Firewall and open the Daylite Server ports for incoming connections, launchd doesn't seem to get notified, or at best there is a long delay, which exceeds our timeout. Longer than two minutes. I have confirmed that launchd does eventually wake up by connecting with telnet. Turning the firewall off results in normal behaviour.

I'm not sure where to start to identify the source of the problem. I could not find any other reports of this exact behaviour. If anyone has any thoughts or can point me in the right direction, that would be appreciated.

Here is the property list as it is found in /Library/LaunchDaemons:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>_dayliteserver</string>
    <key>Label</key>
    <string>com.marketcircle.daylite.dlserver</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Application Support/Daylite Server/Daylite Server.bundle/Contents/MacOS/DLServer</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>Bonjour</key>
            <string>dlserver</string>
            <key>SockServiceName</key>
            <string>6113</string>
        </dict>
    </dict>
    <key>StandardErrorPath</key>
    <string>/Library/Application Support/Daylite Server/Logs/Daylite Server.log</string>
    <key>UserName</key>
    <string>_dayliteserver</string>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
</dict>
</plist>

--
Brent Gulanowski
Brent,

One thing I noticed is that your "SockServiceName" references a port number instead of a service name. ALF (Application Layer Firewall) in Mac OS X looks for the service being enumerated in /etc/services and expects it to be referenced by name in that file - so it assumes it's a known and trusted service and not some spyware trying to make outbound connections.

You may have some more work to do before the firewall respects your service. I'm not certain this is a launchd issue at all.

On Sep 5, 2009, at 2:09 PM, Brent Gulanowski wrote:
We've found a problem with Daylite Server that if we turn on the Leopard Server Firewall and open the Daylite Server ports for incoming connections, launchd doesn't seem to get notified, or at best there is a long delay, which exceeds our timeout. Longer than two minutes. I have confirmed that launchd does eventually wake up by connecting with telnet. Turning the firewall off results in normal behaviour.
I'm not sure where to start to identify the source of the problem. I could not find any other reports of this exact behaviour. If anyone has any thoughts or can point me in the right direction, that would be appreciated.
Here is the property list as it is found in /Library/LaunchDaemons:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>_dayliteserver</string>
    <key>Label</key>
    <string>com.marketcircle.daylite.dlserver</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Application Support/Daylite Server/Daylite Server.bundle/Contents/MacOS/DLServer</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>Bonjour</key>
            <string>dlserver</string>
            <key>SockServiceName</key>
            <string>6113</string>
        </dict>
    </dict>
    <key>StandardErrorPath</key>
    <string>/Library/Application Support/Daylite Server/Logs/Daylite Server.log</string>
    <key>UserName</key>
    <string>_dayliteserver</string>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
</dict>
</plist>
-- Brent Gulanowski
_______________________________________________ launchd-dev mailing list launchd-dev@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/launchd-dev
At 15:57 -0500 16/9/09, Dean Shavit wrote:
ALF (Application Layer Firewall) in Mac OS X looks for the service being enumerated in /etc/services and expects it to be referenced by name in that file [...]
It does? That's news to me. How did you come to that conclusion? AFAIK ALF is not integrated with either launchd or /etc/services.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
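An added example, not part of the original thread or of Daylite's code: one way to list the ports a launchd job asks launchd to listen on, so they can be compared against the ports the firewall allows. It assumes SockServiceName is read the way getaddrinfo(3) reads a service string (a numeric string is a port, anything else a service name); the sample plist is a constructed subset of the one posted in this thread, and `resolve_port`, `listeners` and `audit` are hypothetical helper names.

```python
import plistlib
import socket

# Constructed sample: a subset of the job definition posted in this thread.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.marketcircle.daylite.dlserver</string>
  <key>UserName</key><string>_dayliteserver</string>
  <key>Sockets</key><dict>
    <key>Listeners</key><dict>
      <key>Bonjour</key><string>dlserver</string>
      <key>SockServiceName</key><string>6113</string>
    </dict>
  </dict>
</dict></plist>"""


def resolve_port(service, proto="tcp"):
    """Return (port, how). Assumption: numeric strings are ports, others are service names."""
    text = str(service)
    if text.isdigit():
        return int(text), "numeric"
    try:
        return socket.getservbyname(text, proto), "named"
    except OSError:
        return None, "unresolved"  # name absent from the local services database


def listeners(job):
    """Yield one record per socket that launchd would open on behalf of the job."""
    for name, spec in job.get("Sockets", {}).items():
        # A Sockets entry is either one dictionary or an array of dictionaries.
        for entry in (spec if isinstance(spec, list) else [spec]):
            proto = "udp" if entry.get("SockType") == "dgram" else "tcp"
            port, how = resolve_port(entry.get("SockServiceName", ""), proto)
            yield {"label": job.get("Label"), "socket": name, "proto": proto,
                   "port": port, "resolved": how,
                   "user": job.get("UserName", "root"),  # daemons default to root
                   "bonjour": entry.get("Bonjour")}


def audit(plist_bytes):
    """Parse one launchd job definition and return its listener records."""
    return list(listeners(plistlib.loads(plist_bytes)))


if __name__ == "__main__":
    for record in audit(SAMPLE_PLIST):
        print(record)
```

Records marked "unresolved" are the ones to check by hand, since the port launchd binds then depends on the services database of the machine running the job.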
participants (3)
- Brent Gulanowski
- Dean Shavit
- Quinn