LaunchAgent best practice for turning "off" sockets
I have a LaunchAgent that is configured via Sockets in the plist to listen on several IP+port number endpoints. I would like to make it possible to turn "off" some listening endpoints while the LaunchAgent is running. Here’s a section of my plist:

    <key>Sockets</key>
    <dict>
        <key>RemoteSocket</key>
        <dict>
            <key>SockServiceName</key>
            <string>26666</string>
            <key>SockFamily</key>
            <string>IPv4</string>
            <key>Bonjour</key>
            <string>myService</string>
        </dict>

My process doesn’t have privileges so I can’t modify the plist. I could simply ignore connection attempts from my kevent code but, as you can see, I’m advertising my service via Bonjour. What is the best practice for doing this?

-Mitchell J Laurren-Ring
On 25 Mar 2016, at 21:24, Mitchell Laurren-Ring <lists@rynosoft.com> wrote:
> I have a LaunchAgent that is configured via Sockets in the plist to listen on several IP+port number endpoints. I would like to make it possible to turn "off" some listening endpoints while the LaunchAgent is running.

There isn't a good way to do this. launchd jobs are atomic; their services are either all on or all off. You could separate each of your services into a separate launchd job, but even that's a bit tricky.

If you're an /agent/ then the job exists in two places:

A. it's statically defined by the property list in /Library/LaunchAgents
B. each per-user launchd [1] has an in-memory representation of the job

Modifying A requires privileges. Modifying B requires privileges for other users' launchds, but does not require privileges for your launchd. So, if you split your services into separate jobs then you can load and unload those jobs into the current user's launchd context [2] at will. The gotcha being that this only takes effect in memory. The next time the user logs out and then logs back in, the settings from A apply.

Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

[1] Prior to 10.10 these were separate instances of launchd running. Since 10.10 there's only one launchd process but I still find it helpful to think in the older terms.

[2] Keep in mind that "current user" means "the user in whose context your launchd agent is running" not "currently logged in user".
How about ignoring the socket when I’m adding my sockets to the kevent queue? Obviously, my Bonjour socket will still be visible but won’t respond to events but we control the client side, too. Is there any drawback to that approach?

/Mick
> On Mar 29, 2016, at 00:34, Quinn The Eskimo! <eskimo1@apple.com> wrote:
>
> > On 25 Mar 2016, at 21:24, Mitchell Laurren-Ring <lists@rynosoft.com> wrote:
> > I have a LaunchAgent that is configured via Sockets in the plist to listen on several IP+port number endpoints. I would like to make it possible to turn "off" some listening endpoints while the LaunchAgent is running.
>
> There isn't a good way to do this. launchd jobs are atomic; their services are either all on or all off. You could separate each of your services into a separate launchd job, but even that's a bit tricky.
>
> If you're an /agent/ then the job exists in two places:
>
> A. it's statically defined by the property list in /Library/LaunchAgents
> B. each per-user launchd [1] has an in-memory representation of the job
>
> Modifying A requires privileges. Modifying B requires privileges for other users' launchds, but does not require privileges for your launchd. So, if you split your services into separate jobs then you can load and unload those jobs into the current user's launchd context [2] at will. The gotcha being that this only takes effect in memory. The next time the user logs out and then logs back in, the settings from A apply.
>
> Share and Enjoy
> --
> Quinn "The Eskimo!" <http://www.apple.com/developer/>
> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
>
> [1] Prior to 10.10 these were separate instances of launchd running. Since 10.10 there's only one launchd process but I still find it helpful to think in the older terms.
>
> [2] Keep in mind that "current user" means "the user in whose context your launchd agent is running" not "currently logged in user".
On 30 Mar 2016, at 22:26, Mitchell Laurren-Ring <lists@rynosoft.com> wrote:
> How about ignoring the socket when I’m adding my sockets to the kevent queue?

That'll certainly work. The potential gotcha is that a pending connection to this socket is considered 'demand' by launchd, and thus will keep your daemon running. You might be better off accepting, and then immediately closing, these connections. Under normal circumstances that's not a great option, but if you control the client you can code it to handle that pattern.

Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
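
The accept-then-immediately-close pattern suggested in the reply above, as an added example that is not part of the original thread. It is portable POSIX C that uses poll() in place of kevent and constructed loopback listeners in place of the descriptors launchd hands over; `struct endpoint`, `make_listener` and `service_once` are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* One listening endpoint. Under launchd the fd would come from the job's
   Sockets dictionary; here it is a loopback stand-in (assumption). */
struct endpoint { int fd; bool enabled; };

/* Constructed listener on 127.0.0.1 with an ephemeral port. */
int make_listener(unsigned short *port_out) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr = { .s_addr = htonl(INADDR_LOOPBACK) } };
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    *port_out = ntohs(a.sin_port);
    return fd;
}

/* One pass: accept on every readable listener so nothing stays pending.
   Returns the number of connections turned away, or -1 on error. */
int service_once(struct endpoint *eps, int n, int timeout_ms) {
    struct pollfd pfds[16];
    int rejected = 0;
    if (n < 0 || n > 16) return -1;
    for (int i = 0; i < n; i++) { pfds[i].fd = eps[i].fd; pfds[i].events = POLLIN; pfds[i].revents = 0; }
    if (poll(pfds, (nfds_t)n, timeout_ms) < 0) return -1;
    for (int i = 0; i < n; i++) {
        if (!(pfds[i].revents & POLLIN)) continue;
        int c = accept(eps[i].fd, NULL, NULL);
        if (c < 0) continue;
        if (eps[i].enabled) send(c, "OK\n", 3, 0);  /* placeholder for the real service */
        else rejected++;                             /* endpoint is switched off */
        close(c);
    }
    return rejected;
}

int main(void) {
    unsigned short on = 0, off = 0;
    struct endpoint eps[2] = { { make_listener(&on), true }, { make_listener(&off), false } };
    printf("enabled port %u, disabled port %u\n", (unsigned)on, (unsigned)off);
    for (;;) if (service_once(eps, 2, -1) < 0) return 1;
}
```

Because every pending connection is accepted, nothing is left queued on the disabled socket; the client sees an immediate end-of-file and has to treat that as "endpoint off".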
participants (2)
- Mitchell Laurren-Ring
- Quinn "The Eskimo!"