Stopping and unloading an agent from root-privileged application
Hello How could i stop an agent from root-privileged application? if i am working in a terminal, i can type: % launchctl stop my.agent % launchctl unload /Library/LaunchAgents/my.agent.plist if i type % su % launchctl stop my.agent % launchctl unload /Library/LaunchAgents/my.agent.plist i get an error (because this "sudo launchctl" controlls "System domain" launchd instance, not a "user session"'s one) Is there a way to explicitly specify from a Root terminal that i want to stop an agent that is loaded by launchd of the current user session? I tried to specify "sudo launchctl -S Aqua unload /Library/LaunchAgents/my.agent.plist" but it says "Error unloading plist". I need that because i want, among a lot of other work, to stop and unload an agent from a Privileged helper tool. Is there any way to do that? Thanks
eveningnick eveningnick <mailto:eveningnick@gmail.com> wrote (Tuesday, January 4, 2011 12:57 PM +0200):
How could i stop an agent from root-privileged application?
if i am working in a terminal, i can type:
% launchctl stop my.agent % launchctl unload /Library/LaunchAgents/my.agent.plist
if i type
% su
su? Really? That's so last century.
i get an error (because this "sudo launchctl" controlls "System domain" launchd instance, not a "user session"'s one)
Is there a way to explicitly specify from a Root terminal that i want to stop an agent that is loaded by launchd of the current user session?
Dude, root can do anything! Try this. % sudo -u <username|#uid> launchctl stop my.agent % sudo -u <username|#uid> launchctl unload /Library/LaunchAgents/my.agent.plist where "<username|#uid>" is either the user account name or UID (in the form '#UID') of the user that owns the agent, as in: sudo -u '#502' launchctl stop my.agent -- James Bucanek
On 5 Jan 2011, at 17:30, James Bucanek wrote:
Try this.
% sudo -u <username|#uid> launchctl stop my.agent % sudo -u <username|#uid> launchctl unload /Library/LaunchAgents/my.agent.plist
Have you actually tried this? It /might/ work on 10.6, but I'm almost certain it won't work on 10.5 because launchctl looks up the launchd to talk to via its Mach bootstrap namespace, and sudo doesn't switch namespace. On 4 Jan 2011, at 19:57, eveningnick eveningnick wrote:
How could i stop an agent from root-privileged application?
There's no good solution to this. I generally recommend that you use IPC between your daemon and agents to tell the agents to stop. What's the high-level goal here? Uninstall? S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
Try this.
% sudo -u <username|#uid> launchctl stop my.agent % sudo -u <username|#uid> launchctl unload /Library/LaunchAgents/my.agent.plist
Have you actually tried this? It /might/ work on 10.6, but I'm almost certain it won't work on 10.5 because launchctl looks up the launchd to talk to via its Mach bootstrap namespace, and sudo doesn't switch namespace.
yes, i tried and it works on 10.6 and doesn't work on 10.5
How could i stop an agent from root-privileged application?
There's no good solution to this. I generally recommend that you use IPC between your daemon and agents to tell the agents to stop.
I found the solution to stop it both an agent and daemon. Luckily for me, helper tools are launched with effective UID of root, while real UID is the ordinary user's one. Which means that unless i execute "setuid(0)" all calls to launchctl are delivered to a per-session instance of launchd. Hence, i unload an agent, execute setuid(0) and unload the daemon. Works both in 10.6 and 10.5 (strange: why? i dont switch the boostrap context. But then, if i execute in Terminal "sudo launchctl stop -w /Library/LaunchDaemons/mydaemon.plist", the daemon stops in 10.5 as well). Now i have a problem to launch an agent, since stopping works fine :) I'd like to launch an agent from an installer script (which runs as root) in 10.5, because as you mentioned launchctl uses boostrap namespace. The solution i've been suggested is to call from within a script ps ex | grep loginwindow | cut -c 1-5 this will give me a list of the PIDs of all the "sample" processes of all the users which run in users namespace. Then i have to call something like launchctl bsexec $FOUNDPID "sudo -u $USERNAME; launchctl load -w /Library/LaunchAgents/MyAgent.plist" which will change both first bootstrap context, and then the username so eventually launchctl will talk to the needed instance of launchd. I don't know how "alive" this solution is in the "real environment". Why didn't Apple make any libraries to link to and to be able to control applications launchd/kextload programmatically?
What's the high-level goal here? Uninstall?
Installing an agent without reboot thanks
On 7 Jan 2011, at 14:02, eveningnick eveningnick wrote:
yes, i tried and it works on 10.6 and doesn't work on 10.5
This is related to changes that we made to the bootstrap namespace in Mac OS X 10.6. Specifically, we flattened all of the bootstrap namespaces for a given user. The best way to think about this is to look at Figure 3 of TN2083 [1]. In that diagram, each pink box has been merged into its parent blue box. This means that there's only one bootstrap namespace for user, so it now makes sense to map from a user ID to a bootstrap namespace. While this is clearly a bug in the technote, one important mitigating factor is that, if you follow the design advice from TN2083, everything will work on 10.5 and 10.6 (and probably future systems). One day I'll get around to update TN2083 for 10.6, but today is not that day. S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware [1] <http://developer.apple.com/mac/library/technotes/tn2005/tn2083.html>
Quinn "The Eskimo!" <mailto:eskimo1@apple.com> wrote (Friday, January 7, 2011 3:17 AM -0000):
On 5 Jan 2011, at 17:30, James Bucanek wrote:
Try this.
% sudo -u <username|#uid> launchctl stop my.agent % sudo -u <username|#uid> launchctl unload /Library/LaunchAgents/my.agent.plist
Have you actually tried this?
I did try this out before I posted it, but admittedly only on 10.6.
It /might/ work on 10.6, but I'm almost certain it won't work on 10.5 because launchctl looks up the launchd to talk to via its Mach bootstrap namespace, and sudo doesn't switch namespace.
Bummer. Apologies for the misdirection. -- James Bucanek
participants (3)
-
eveningnick eveningnick
-
James Bucanek
-
Quinn "The Eskimo!"