From source_changes at macosforge.org Thu Apr 2 15:41:11 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 2 Apr 2009 15:41:11 -0700 (PDT) Subject: [launchd-changes] [23879] trunk/launchd/src/launchd_core_logic.c Message-ID: <20090402224111.5FEA813F7823@beta.macosforge.org> Revision: 23879 http://trac.macosforge.org/projects/launchd/changeset/23879 Author: dsorresso at apple.com Date: 2009-04-02 15:41:10 -0700 (Thu, 02 Apr 2009) Log Message: ----------- Launchd defers loading the per-user launchd for root. This may cause first bootstrap to fail. Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-01 00:24:58 UTC (rev 23878) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-02 22:41:10 UTC (rev 23879) @@ -5801,7 +5801,7 @@ snprintf(thelabel, sizeof(thelabel), "com.apple.launchctl.%s", session_type); bootstrapper = job_new(jm, thelabel, NULL, bootstrap_tool); - if (jobmgr_assumes(jm, bootstrapper != NULL) && (jm->parentmgr || getuid())) { + if( jobmgr_assumes(jm, bootstrapper != NULL) && (jm->parentmgr || !pid1_magic) ) { bootstrapper->is_bootstrapper = true; char buf[100]; -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Thu Apr 2 18:35:20 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 2 Apr 2009 18:35:20 -0700 (PDT) Subject: [launchd-changes] [23880] trunk/launchd/src Message-ID: <20090403013520.A3A2E13F9628@beta.macosforge.org> Revision: 23880 http://trac.macosforge.org/projects/launchd/changeset/23880 Author: dsorresso at apple.com Date: 2009-04-02 18:35:19 -0700 (Thu, 02 Apr 2009) Log Message: ----------- Embedded security changes. Modified Paths: -------------- trunk/launchd/src/launch_priv.h trunk/launchd/src/launchd_core_logic.c trunk/launchd/src/launchd_core_logic.h trunk/launchd/src/launchd_unix_ipc.c trunk/launchd/src/liblaunch.c trunk/launchd/src/vproc_priv.h Modified: trunk/launchd/src/launch_priv.h =================================================================== --- trunk/launchd/src/launch_priv.h 2009-04-02 22:41:10 UTC (rev 23879) +++ trunk/launchd/src/launch_priv.h 2009-04-03 01:35:19 UTC (rev 23880) @@ -62,6 +62,7 @@ #define LAUNCH_JOBKEY_SECURITYSESSIONUUID "SecuritySessionUUID" #define LAUNCH_JOBKEY_EMBEDDEDSHUTDOWNAUTHORITY "EmbeddedShutdownAuthority" +#define LAUNCH_JOBKEY_EMBEDDEDPRIVILEGEDISPENSATION "EmbeddedPrivilegeDispensation" #define LAUNCH_JOBKEY_ENTERKERNELDEBUGGERBEFOREKILL "EnterKernelDebuggerBeforeKill" #define LAUNCH_JOBKEY_PERJOBMACHSERVICES "PerJobMachServices" Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-02 22:41:10 UTC (rev 23879) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-03 01:35:19 UTC (rev 23880) @@ -528,7 +528,7 @@ is_bootstrapper :1, /* The job is a bootstrapper. */ has_console :1, /* The job owns the console. */ clean_exit_timer_expired :1, /* The job was clean, received SIGKILL and failed to exit after LAUNCHD_CLEAN_KILL_TIMER seconds. */ - embedded_shutdown_auth :1, /* The job is allowed to call reboot2() on embedded. */ + embedded_special_privileges :1, /* The job runs as a non-root user on embedded but has select privileges of the root user. */ migratory :1; /* The (anonymous) job called vprocmgr_switch_to_session(). */ mode_t mask; pid_t tracing_pid; @@ -637,13 +637,15 @@ static job_t workaround_5477111; static LIST_HEAD(, job_s) s_needing_sessions; mach_port_t g_audit_session_port = MACH_PORT_NULL; + #if !TARGET_OS_EMBEDDED +static job_t s_embedded_privileged_job = (job_t)&root_jobmgr; au_asid_t g_audit_session = AU_DEFAUDITSID; #else +static job_t s_embedded_privileged_job = NULL; pid_t g_audit_session = 0; #endif -static bool s_embedded_shutdown_right_claimed = false; -static pid_t s_update_pid = 0; + static int s_no_hang_fd = -1; /* process wide globals */ @@ -651,6 +653,7 @@ jobmgr_t root_jobmgr; bool g_shutdown_debugging = false; bool g_verbose_boot = false; +bool g_embedded_privileged_action = false; void job_ignore(job_t j) @@ -741,6 +744,18 @@ } #endif +#if TARGET_OS_EMBEDDED + if( g_embedded_privileged_action && s_embedded_privileged_job ) { + if( strcmp(j->username, s_embedded_privileged_job->username) != 0 ) { + errno = EPERM; + return; + } + } else if( g_embedded_privileged_action ) { + errno = EINVAL; + return; + } +#endif + j->sent_signal_time = runtime_get_opaque_time(); if (newval < 0) { @@ -1016,6 +1031,18 @@ struct limititem *li; struct envitem *ei; +#if TARGET_OS_EMBEDDED + if( g_embedded_privileged_action && s_embedded_privileged_job ) { + if( strcmp(j->username, s_embedded_privileged_job->username) != 0 ) { + errno = EPERM; + return; + } + } else if( g_embedded_privileged_action ) { + errno = EINVAL; + return; + } +#endif + if (unlikely(j->p)) { if (j->anonymous) { job_reap(j); @@ -1156,6 +1183,9 @@ if( !uuid_is_null(j->expected_audit_uuid) ) { LIST_REMOVE(j, needing_session_sle); } + if( j->embedded_special_privileges ) { + s_embedded_privileged_job = NULL; + } kevent_mod((uintptr_t)j, EVFILT_TIMER, EV_DELETE, 0, 0, NULL); @@ -1683,9 +1713,14 @@ } else if (strcasecmp(key, LAUNCH_JOBKEY_ENTERKERNELDEBUGGERBEFOREKILL) == 0) { j->debug_before_kill = value; found_key = true; - } else if( !s_embedded_shutdown_right_claimed && strcasecmp(key, LAUNCH_JOBKEY_EMBEDDEDSHUTDOWNAUTHORITY) == 0 ) { - j->embedded_shutdown_auth = true; - s_embedded_shutdown_right_claimed = true; + } else if( strcasecmp(key, LAUNCH_JOBKEY_EMBEDDEDPRIVILEGEDISPENSATION) == 0 ) { + if( !s_embedded_privileged_job ) { + j->embedded_special_privileges = value; + s_embedded_privileged_job = j; + } else { + job_log(j, LOG_ERR, "Job tried to claim %s after it has already been claimed.", key); + } + found_key = true; } break; case 'w': @@ -2177,6 +2212,31 @@ return NULL; } +#if TARGET_OS_EMBEDDED + if( unlikely(g_embedded_privileged_action && s_embedded_privileged_job) ) { + if( unlikely(!(tmp = launch_data_dict_lookup(pload, LAUNCH_JOBKEY_USERNAME))) ) { + errno = EPERM; + return NULL; + } + + const char *username = NULL; + if( likely(tmp && launch_data_get_type(tmp) == LAUNCH_DATA_STRING) ) { + username = launch_data_get_string(tmp); + } else { + errno = EPERM; + return NULL; + } + + if( unlikely(strcmp(s_embedded_privileged_job->username, username) != 0) ) { + errno = EPERM; + return NULL; + } + } else if( g_embedded_privileged_action ) { + errno = EINVAL; + return NULL; + } +#endif + if ((tmp = launch_data_dict_lookup(pload, LAUNCH_JOBKEY_PROGRAM)) && (launch_data_get_type(tmp) == LAUNCH_DATA_STRING)) { prog = launch_data_get_string(tmp); @@ -2886,6 +2946,18 @@ if( !uuid_is_null(j->expected_audit_uuid) ) { return NULL; } + +#if TARGET_OS_EMBEDDED + if( g_embedded_privileged_action && s_embedded_privileged_job ) { + if( strcmp(j->username, s_embedded_privileged_job->username) != 0 ) { + errno = EPERM; + return NULL; + } + } else if( g_embedded_privileged_action ) { + errno = EINVAL; + return NULL; + } +#endif /* * The whole job removal logic needs to be consolidated. The fact that @@ -3099,14 +3171,6 @@ log_kevent_struct(LOG_DEBUG, kev, 0); if( fflags & NOTE_EXIT ) { - if( s_update_pid == (pid_t)kev->ident ) { - int status = 0; - job_assumes(j, waitpid(s_update_pid, &status, 0) == 0); - job_log(j, LOG_NOTICE, "Reaping update job (PID %i, exit status %i)", s_update_pid, WEXITSTATUS(status)); - - s_update_pid = 0; - } - if( j->p == (pid_t)kev->ident && !j->anonymous && !j->is_being_sampled ) { int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, j->p }; struct kinfo_proc kp; @@ -3468,10 +3532,10 @@ } if (likely(!j->legacy_mach_job)) { - sipc = ( !SLIST_EMPTY(&j->sockets) || !SLIST_EMPTY(&j->machservices) ) && !j->deny_job_creation; + sipc = ((!SLIST_EMPTY(&j->sockets) || !SLIST_EMPTY(&j->machservices)) && !j->deny_job_creation) || j->embedded_special_privileges; } - if (sipc) { + if( sipc ) { job_assumes(j, socketpair(AF_UNIX, SOCK_STREAM, 0, spair) != -1); } @@ -6101,6 +6165,11 @@ j->checkedin = true; } +bool job_is_god(job_t j) +{ + return j->embedded_special_privileges; +} + bool job_ack_port_destruction(mach_port_t p) { @@ -6612,7 +6681,17 @@ } if( unlikely(ldc->euid != 0 && ldc->euid != getuid()) || j->deny_job_creation ) { + + } + + if( unlikely(ldc->euid != 0 && ldc->euid != getuid()) || j->deny_job_creation ) { + #if TARGET_OS_EMBEDDED + if( !j->embedded_special_privileges ) { + return BOOTSTRAP_NOT_PRIVILEGED; + } + #else return BOOTSTRAP_NOT_PRIVILEGED; + #endif } #if HAVE_SANDBOX @@ -6625,6 +6704,12 @@ return BOOTSTRAP_UNKNOWN_SERVICE; } +#if TARGET_OS_EMBEDDED + if( j->embedded_special_privileges && strcmp(j->username, otherj->username) != 0 ) { + return BOOTSTRAP_NOT_PRIVILEGED; + } +#endif + if (sig == VPROC_MAGIC_UNLOAD_SIGNAL) { bool do_block = otherj->p; @@ -6913,6 +6998,9 @@ case VPROC_GSK_WAITFORDEBUGGER: *outval = j->wait4debugger; break; + case VPROC_GSK_EMBEDDEDROOTEQUIVALENT: + *outval = j->embedded_special_privileges; + break; case 0: *outval = 0; break; @@ -7136,7 +7224,7 @@ #if !TARGET_OS_EMBEDDED if (unlikely(ldc->euid)) { #else - if( unlikely(ldc->euid) && !j->embedded_shutdown_auth ) { + if( unlikely(ldc->euid) && !j->embedded_special_privileges ) { #endif return BOOTSTRAP_NOT_PRIVILEGED; } @@ -8356,12 +8444,12 @@ } #if TARGET_OS_EMBEDDED - bool embedded_check = j->username && otherj->username && ( strcmp(j->username, otherj->username) != 0 ); + bool allow_non_root_kickstart = j->username && otherj->username && ( strcmp(j->username, otherj->username) == 0 ); #else - bool embedded_check = true; + bool allow_non_root_kickstart = false; #endif - if( ldc->euid != 0 && ldc->euid != geteuid() && embedded_check ) { + if( ldc->euid != 0 && ldc->euid != geteuid() && !allow_non_root_kickstart ) { return BOOTSTRAP_NOT_PRIVILEGED; } @@ -8741,6 +8829,10 @@ #else /* Since this is for embedded, we can assume that the root job manager holds the Jetsam jobs. */ jm = root_jobmgr; + + if( !g_embedded_privileged_action ) { + return EPERM; + } #endif size_t npris = launch_data_array_get_count(priorities); Modified: trunk/launchd/src/launchd_core_logic.h =================================================================== --- trunk/launchd/src/launchd_core_logic.h 2009-04-02 22:41:10 UTC (rev 23879) +++ trunk/launchd/src/launchd_core_logic.h 2009-04-03 01:35:19 UTC (rev 23880) @@ -32,6 +32,7 @@ extern mach_port_t g_audit_session_port; extern au_asid_t g_audit_session; extern bool g_flat_mach_namespace; +extern bool g_embedded_privileged_action; void jobmgr_init(bool); jobmgr_t jobmgr_shutdown(jobmgr_t jm); @@ -50,6 +51,7 @@ void job_stop(job_t j); void job_checkin(job_t j); void job_remove(job_t j); +bool job_is_god(job_t j); job_t job_import(launch_data_t pload); launch_data_t job_import_bulk(launch_data_t pload); job_t job_mig_intran(mach_port_t mp); Modified: trunk/launchd/src/launchd_unix_ipc.c =================================================================== --- trunk/launchd/src/launchd_unix_ipc.c 2009-04-02 22:41:10 UTC (rev 23879) +++ trunk/launchd/src/launchd_unix_ipc.c 2009-04-03 01:35:19 UTC (rev 23880) @@ -354,16 +354,24 @@ } // job_log(rmc->c->j, LOG_NOTICE, "Socket IPC request: %s.", cmd); + + /* Do not allow commands other than check-in to come over the trusted socket + * on the Desktop. On Embedded, allow all commands over the trusted socket if + * the job has the God Mode key set. + */ +#if TARGET_OS_EMBEDDED + bool allow_privileged_ops = ( !rmc->c->j || job_is_god(rmc->c->j) ); +#else + bool allow_privileged_ops = !rmc->c->j; +#endif - /* Do not allow commands other than check-in to come over the trusted socket. */ - if( data == NULL && rmc->c->j ) { - if( strcmp(cmd, LAUNCH_KEY_CHECKIN) == 0 ) { - resp = job_export(rmc->c->j); - job_checkin(rmc->c->j); - } else { - resp = launch_data_new_errno(EACCES); - } - } else { + if( rmc->c->j && strcmp(cmd, LAUNCH_KEY_CHECKIN) == 0 ) { + resp = job_export(rmc->c->j); + job_checkin(rmc->c->j); + } else if( allow_privileged_ops ) { + #if TARGET_OS_EMBEDDED + g_embedded_privileged_action = rmc->c->j && job_is_god(rmc->c->j); + #endif if( data == NULL ) { if (!strcmp(cmd, LAUNCH_KEY_SHUTDOWN)) { launchd_shutdown(); @@ -388,20 +396,20 @@ } else { if (!strcmp(cmd, LAUNCH_KEY_STARTJOB)) { if ((j = job_find(launch_data_get_string(data))) != NULL) { + errno = 0; job_dispatch(j, true); - errno = 0; } resp = launch_data_new_errno(errno); } else if (!strcmp(cmd, LAUNCH_KEY_STOPJOB)) { if ((j = job_find(launch_data_get_string(data))) != NULL) { + errno = 0; job_stop(j); - errno = 0; } resp = launch_data_new_errno(errno); } else if (!strcmp(cmd, LAUNCH_KEY_REMOVEJOB)) { if ((j = job_find(launch_data_get_string(data))) != NULL) { + errno = 0; job_remove(j); - errno = 0; } resp = launch_data_new_errno(errno); } else if (!strcmp(cmd, LAUNCH_KEY_SUBMITJOB)) { @@ -432,6 +440,11 @@ resp = launch_data_new_errno(launchd_set_jetsam_priorities(data)); } } + #if TARGET_OS_EMBEDDED + g_embedded_privileged_action = false; + #endif + } else { + resp = launch_data_new_errno(EACCES); } rmc->resp = resp; Modified: trunk/launchd/src/liblaunch.c =================================================================== --- trunk/launchd/src/liblaunch.c 2009-04-02 22:41:10 UTC (rev 23879) +++ trunk/launchd/src/liblaunch.c 2009-04-03 01:35:19 UTC (rev 23880) @@ -172,6 +172,7 @@ static launch_data_t launch_msg_internal(launch_data_t d); static void launch_mach_checkin_service(launch_data_t obj, const char *key, void *context); +static int64_t s_am_embedded_god = false; static launch_t in_flight_msg_recv_client; static pthread_once_t _lc_once = PTHREAD_ONCE_INIT; @@ -240,9 +241,12 @@ if ((lfd = _fd(socket(AF_UNIX, SOCK_STREAM, 0))) == -1) { goto out_bad; } - + +#if TARGET_OS_EMBEDDED + (void)vproc_swap_integer(NULL, VPROC_GSK_EMBEDDEDROOTEQUIVALENT, NULL, &s_am_embedded_god); +#endif if (-1 == connect(lfd, (struct sockaddr *)&sun, sizeof(sun))) { - if( cifd != -1 ) { + if( cifd != -1 || s_am_embedded_god ) { /* There is NO security enforced by this check. This is just a hint to our * library that we shouldn't error out due to failing to open this socket. If * we inherited a trusted file descriptor, we shouldn't fail. This should be @@ -1018,7 +1022,7 @@ } int fd2use = -1; - if( launch_data_get_type(d) == LAUNCH_DATA_STRING && strcmp(launch_data_get_string(d), LAUNCH_KEY_CHECKIN) == 0 ) { + if( (launch_data_get_type(d) == LAUNCH_DATA_STRING && strcmp(launch_data_get_string(d), LAUNCH_KEY_CHECKIN) == 0) || s_am_embedded_god ) { _lc->l->which = LAUNCHD_USE_CHECKIN_FD; } else { _lc->l->which = LAUNCHD_USE_OTHER_FD; Modified: trunk/launchd/src/vproc_priv.h =================================================================== --- trunk/launchd/src/vproc_priv.h 2009-04-02 22:41:10 UTC (rev 23879) +++ trunk/launchd/src/vproc_priv.h 2009-04-03 01:35:19 UTC (rev 23880) @@ -69,6 +69,7 @@ VPROC_GSK_PERUSER_RESUME, VPROC_GSK_JOB_OVERRIDES_DB, VPROC_GSK_JOB_CACHE_DB, + VPROC_GSK_EMBEDDEDROOTEQUIVALENT, } vproc_gsk_t; typedef unsigned int vproc_flags_t; -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Thu Apr 2 18:36:18 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 2 Apr 2009 18:36:18 -0700 (PDT) Subject: [launchd-changes] [23881] trunk/launchd/src Message-ID: <20090403013619.3FA3A13F9686@beta.macosforge.org> Revision: 23881 http://trac.macosforge.org/projects/launchd/changeset/23881 Author: dsorresso at apple.com Date: 2009-04-02 18:36:18 -0700 (Thu, 02 Apr 2009) Log Message: ----------- launchd mis-identifies stray processes for termination at shutdown Modified Paths: -------------- trunk/launchd/src/launch.h trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launch.h =================================================================== --- trunk/launchd/src/launch.h 2009-04-03 01:35:19 UTC (rev 23880) +++ trunk/launchd/src/launch.h 2009-04-03 01:36:18 UTC (rev 23881) @@ -100,6 +100,7 @@ #define LAUNCH_JOBKEY_THROTTLEINTERVAL "ThrottleInterval" #define LAUNCH_JOBKEY_LAUNCHONLYONCE "LaunchOnlyOnce" #define LAUNCH_JOBKEY_ABANDONPROCESSGROUP "AbandonProcessGroup" +#define LAUNCH_JOBKEY_IGNOREPROCESSGROUPATSHUTDOWN "IgnoreProcessGroupAtShutdown" #define LAUNCH_JOBKEY_POLICIES "Policies" #define LAUNCH_JOBKEY_ENABLETRANSACTIONS "EnableTransactions" Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-03 01:35:19 UTC (rev 23880) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-03 01:36:18 UTC (rev 23881) @@ -510,6 +510,7 @@ deny_unknown_mslookups :1, /* A flag for changing the behavior of bootstrap_look_up() */ unload_at_mig_return :1, /* A job thoroughly confused launchd. We need to unload it ASAP */ abandon_pg :1, /* man launchd.plist --> AbandonProcessGroup */ + ignore_pg_at_shutdown :1, /* During shutdown, do not send SIGTERM to stray processes in the process group of this job. */ poll_for_vfs_changes :1, /* a hack to work around the fact that kqueues don't work on all filesystems */ deny_job_creation :1, /* Don't let this job create new 'job_t' objects in launchd */ kill_via_shmem :1, /* man launchd.plist --> EnableTransactions */ @@ -1690,6 +1691,9 @@ } j->no_init_groups = !value; found_key = true; + } else if( strcasecmp(key, LAUNCH_JOBKEY_IGNOREPROCESSGROUPATSHUTDOWN) == 0 ) { + j->ignore_pg_at_shutdown = value; + found_key = true; } break; case 'r': @@ -5693,7 +5697,7 @@ /* We might have some jobs hanging around that we've decided to shut down in spite of. */ job_t j = jobmgr_find_by_pid(jm, p_i, false); if( !j || (j && j->anonymous) ) { - jobmgr_log(jm, LOG_INFO | LOG_CONSOLE, "Stray %s %s at shutdown: PID %u PPID %u PGID %u %s", z, j ? "anonymous job" : "process", p_i, pp_i, pg_i, n); + jobmgr_log(jm, LOG_INFO | LOG_CONSOLE, "Stray %s%s at shutdown: PID %u PPID %u PGID %u %s", z, j ? "anonymous job" : "process", p_i, pp_i, pg_i, n); int status = 0; if( pp_i == getpid() && !jobmgr_assumes(jm, kp[i].kp_proc.p_stat != SZOMB) ) { @@ -5702,7 +5706,17 @@ } kp_skipped++; } else { - ps[i] = p_i; + job_t leader = jobmgr_find_by_pid(jm, pg_i, false); + /* See rdar://problem/6745714. Some jobs have child processes that back kernel state, + * so we don't want to terminate them. Long-term, I'd really like to provide shutdown + * hints to the kernel along the way, so that it could shutdown certain subsystems when + * their userspace emissaries go away, before the call to reboot(2). + */ + if( leader && leader->ignore_pg_at_shutdown ) { + kp_skipped++; + } else { + ps[i] = p_i; + } } } else { kp_skipped++; -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 3 15:37:44 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 3 Apr 2009 15:37:44 -0700 (PDT) Subject: [launchd-changes] [23882] tags/launchd-312/ Message-ID: <20090403223744.CA4341402FDF@beta.macosforge.org> Revision: 23882 http://trac.macosforge.org/projects/launchd/changeset/23882 Author: dsorresso at apple.com Date: 2009-04-03 15:37:44 -0700 (Fri, 03 Apr 2009) Log Message: ----------- "Tagging launchd-312 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-312/ Property changes on: tags/launchd-312 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Tue Apr 7 15:37:43 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Tue, 7 Apr 2009 15:37:43 -0700 (PDT) Subject: [launchd-changes] [23883] trunk Message-ID: <20090407223744.F1B29146CDD0@beta.macosforge.org> Revision: 23883 http://trac.macosforge.org/projects/launchd/changeset/23883 Author: dsorresso at apple.com Date: 2009-04-07 15:37:42 -0700 (Tue, 07 Apr 2009) Log Message: ----------- job_mig_lookup_per_user_context needs its own operation for sandbox_check Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c trunk/launchd.xcodeproj/project.pbxproj Added Paths: ----------- trunk/launchd/src/launchd.ops Added: trunk/launchd/src/launchd.ops =================================================================== --- trunk/launchd/src/launchd.ops (rev 0) +++ trunk/launchd/src/launchd.ops 2009-04-07 22:37:42 UTC (rev 23883) @@ -0,0 +1,2 @@ +< mach* > + mach-per-user-lookup Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-03 22:37:44 UTC (rev 23882) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-07 22:37:42 UTC (rev 23883) @@ -7400,7 +7400,7 @@ #endif #if HAVE_SANDBOX - if (unlikely(sandbox_check(ldc->pid, "job-creation", SANDBOX_FILTER_NONE) > 0)) { + if (unlikely(sandbox_check(ldc->pid, "mach-per-user-lookup", SANDBOX_FILTER_NONE) > 0)) { return BOOTSTRAP_NOT_PRIVILEGED; } #endif Modified: trunk/launchd.xcodeproj/project.pbxproj =================================================================== --- trunk/launchd.xcodeproj/project.pbxproj 2009-04-03 22:37:44 UTC (rev 23882) +++ trunk/launchd.xcodeproj/project.pbxproj 2009-04-07 22:37:42 UTC (rev 23883) @@ -73,6 +73,7 @@ 4B10F1EB0F43BF5C00875782 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = FC3628070E9345E10054F1A3 /* CoreFoundation.framework */; }; 4B10F1EC0F43BF5C00875782 /* libedit.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = FCD713730E95DE49001B0111 /* libedit.dylib */; settings = {ATTRIBUTES = (Weak, ); }; }; 4B10F1EF0F43BF5C00875782 /* launchctl.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = FC59A0AD0E8C8A0E00D41150 /* launchctl.1 */; }; + 4B1D92010F8BDE7D00125940 /* launchd.ops in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4B1D91ED0F8BDE1A00125940 /* launchd.ops */; }; 4B9EDCA20EAFC77E00A78496 /* DiskArbitration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4B9EDCA10EAFC77E00A78496 /* DiskArbitration.framework */; }; 7215DE4C0EFAF2EC00ABD81E /* libauditd.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 7215DE4B0EFAF2EC00ABD81E /* libauditd.dylib */; }; 721FBEBC0EA7AE2F0057462B /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 721FBEBB0EA7AE2F0057462B /* Security.framework */; }; @@ -247,6 +248,16 @@ ); runOnlyForDeploymentPostprocessing = 1; }; + 4B1D91F40F8BDE6800125940 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = usr/local/share/sandbox/operations/; + dstSubfolderSpec = 0; + files = ( + 4B1D92010F8BDE7D00125940 /* launchd.ops in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; FC3627D60E9343B90054F1A3 /* CopyFiles */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 8; @@ -356,6 +367,7 @@ /* Begin PBXFileReference section */ 4B10F1D30F43BE7E00875782 /* launchd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = launchd; sourceTree = BUILT_PRODUCTS_DIR; }; 4B10F1F30F43BF5C00875782 /* launchctl */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = launchctl; sourceTree = BUILT_PRODUCTS_DIR; }; + 4B1D91ED0F8BDE1A00125940 /* launchd.ops */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = launchd.ops; path = launchd/src/launchd.ops; sourceTree = ""; }; 4B9EDCA10EAFC77E00A78496 /* DiskArbitration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = DiskArbitration.framework; path = /System/Library/Frameworks/DiskArbitration.framework; sourceTree = ""; }; 7215DE4B0EFAF2EC00ABD81E /* libauditd.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libauditd.dylib; path = /usr/lib/libauditd.dylib; sourceTree = ""; }; 721FBEA50EA7ABC40057462B /* config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = config.h; path = launchd/src/config.h; sourceTree = ""; }; @@ -649,6 +661,7 @@ FC59A0E10E8C8A9400D41150 /* liblaunch */ = { isa = PBXGroup; children = ( + 4B1D91ED0F8BDE1A00125940 /* launchd.ops */, FC59A0FB0E8C8ACE00D41150 /* reboot2.h */, FC59A0E20E8C8AA600D41150 /* vproc.h */, FC59A0E30E8C8AA600D41150 /* vproc_priv.h */, @@ -758,6 +771,7 @@ isa = PBXNativeTarget; buildConfigurationList = FC59A0650E8C886700D41150 /* Build configuration list for PBXNativeTarget "liblaunch" */; buildPhases = ( + 4B1D91F40F8BDE6800125940 /* CopyFiles */, FC59A05C0E8C885100D41150 /* Headers */, FC59A05D0E8C885100D41150 /* Sources */, FC59A05E0E8C885100D41150 /* Frameworks */, -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Tue Apr 7 15:37:53 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Tue, 7 Apr 2009 15:37:53 -0700 (PDT) Subject: [launchd-changes] [23884] tags/launchd-313/ Message-ID: <20090407223753.7D66D146CE88@beta.macosforge.org> Revision: 23884 http://trac.macosforge.org/projects/launchd/changeset/23884 Author: dsorresso at apple.com Date: 2009-04-07 15:37:53 -0700 (Tue, 07 Apr 2009) Log Message: ----------- "Tagging launchd-313 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-313/ Property changes on: tags/launchd-313 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Wed Apr 8 13:35:10 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Wed, 8 Apr 2009 13:35:10 -0700 (PDT) Subject: [launchd-changes] [23886] tags/launchd-314/ Message-ID: <20090408203510.CDE7114AF142@beta.macosforge.org> Revision: 23886 http://trac.macosforge.org/projects/launchd/changeset/23886 Author: dsorresso at apple.com Date: 2009-04-08 13:35:10 -0700 (Wed, 08 Apr 2009) Log Message: ----------- "Tagging launchd-314 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-314/ Property changes on: tags/launchd-314 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Thu Apr 9 11:00:36 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 9 Apr 2009 11:00:36 -0700 (PDT) Subject: [launchd-changes] [23887] branches/SULeopard/launchd/src/launchctl.c Message-ID: <20090409180036.5124014D8E3C@beta.macosforge.org> Revision: 23887 http://trac.macosforge.org/projects/launchd/changeset/23887 Author: dsorresso at apple.com Date: 2009-04-09 11:00:35 -0700 (Thu, 09 Apr 2009) Log Message: ----------- launchctl.c doesn't include config.h; HAVE_SECURITY undefined Modified Paths: -------------- branches/SULeopard/launchd/src/launchctl.c Modified: branches/SULeopard/launchd/src/launchctl.c =================================================================== --- branches/SULeopard/launchd/src/launchctl.c 2009-04-08 20:35:10 UTC (rev 23886) +++ branches/SULeopard/launchd/src/launchctl.c 2009-04-09 18:00:35 UTC (rev 23887) @@ -20,6 +20,7 @@ static const char *const __rcs_file_version__ = "$Revision$"; +#include "config.h" #include "launch.h" #include "launch_priv.h" #include "bootstrap.h" -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Thu Apr 9 11:05:33 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 9 Apr 2009 11:05:33 -0700 (PDT) Subject: [launchd-changes] [23888] tags/launchd-258.23/ Message-ID: <20090409180533.1F19E14D8F5B@beta.macosforge.org> Revision: 23888 http://trac.macosforge.org/projects/launchd/changeset/23888 Author: dsorresso at apple.com Date: 2009-04-09 11:05:32 -0700 (Thu, 09 Apr 2009) Log Message: ----------- "Tagging launchd-258.23 from https://svn.macosforge.org/repository/launchd/branches/SULeopard" Added Paths: ----------- tags/launchd-258.23/ Property changes on: tags/launchd-258.23 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-6248586:23722-23747 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Thu Apr 9 18:56:53 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 9 Apr 2009 18:56:53 -0700 (PDT) Subject: [launchd-changes] [23889] trunk/launchd/src Message-ID: <20090410015654.85AA814E294D@beta.macosforge.org> Revision: 23889 http://trac.macosforge.org/projects/launchd/changeset/23889 Author: dsorresso at apple.com Date: 2009-04-09 18:56:53 -0700 (Thu, 09 Apr 2009) Log Message: ----------- Tweak per-user suspend and resume Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c trunk/launchd/src/libvproc.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-09 18:05:32 UTC (rev 23888) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-10 01:56:53 UTC (rev 23889) @@ -399,6 +399,11 @@ #define AUTO_PICK_LEGACY_LABEL (const char *)(~0) #define AUTO_PICK_ANONYMOUS_LABEL (const char *)(~1) +struct suspended_peruser { + LIST_ENTRY(suspended_peruser) sle; + job_t j; +}; + struct job_s { kq_callback kqjob_callback; /* MUST be first element of this structure for benefit of launchd's run loop. */ LIST_ENTRY(job_s) sle; @@ -407,10 +412,9 @@ LIST_ENTRY(job_s) pid_hash_sle; LIST_ENTRY(job_s) label_hash_sle; LIST_ENTRY(job_s) global_env_sle; - LIST_ENTRY(job_s) suspended_peruser_sle; STAILQ_ENTRY(job_s) pending_samples_sle; SLIST_ENTRY(job_s) curious_jobs_sle; - LIST_HEAD(, job_s) suspended_perusers; + LIST_HEAD(, suspended_peruser) suspended_perusers; LIST_HEAD(, waiting_for_exit) exit_watchers; SLIST_HEAD(, socketgroup) sockets; SLIST_HEAD(, calendarinterval) cal_intervals; @@ -2732,14 +2736,15 @@ } } - job_t ji = NULL; - while( (ji = LIST_FIRST(&j->suspended_perusers)) ) { - job_log(j, LOG_ERR, "Job exited before resuming per-user launchd for UID %u. Will forcibly resume.", ji->mach_uid); - ji->peruser_suspend_count--; - if( ji->peruser_suspend_count == 0 ) { - LIST_REMOVE(ji, suspended_peruser_sle); + struct suspended_peruser *spi = NULL; + while( (spi = LIST_FIRST(&j->suspended_perusers)) ) { + job_log(j, LOG_ERR, "Job exited before resuming per-user launchd for UID %u. Will forcibly resume.", spi->j->mach_uid); + spi->j->peruser_suspend_count--; + if( spi->j->peruser_suspend_count == 0 ) { + job_dispatch(spi->j, false); } - job_dispatch(ji, false); + LIST_REMOVE(spi, sle); + free(spi); } struct waiting_for_exit *w4e = NULL; @@ -7148,42 +7153,56 @@ } break; case VPROC_GSK_PERUSER_SUSPEND: - if( pid1_magic && ldc->euid == 0 ) { + if( job_assumes(j, pid1_magic && ldc->euid == 0) ) { mach_port_t junk = MACH_PORT_NULL; job_t jpu = jobmgr_lookup_per_user_context_internal(j, (uid_t)inval, false, &junk); - if( jpu ) { - job_t ji = NULL; - LIST_FOREACH( ji, &j->suspended_perusers, suspended_peruser_sle ) { - if( (int64_t)(ji->mach_uid) == inval ) { - job_log(j, LOG_WARNING, "Job tried to suspend per-user launchd for UID %u twice.", ji->mach_uid); + if( job_assumes(j, jpu != NULL) ) { + struct suspended_peruser *spi = NULL; + LIST_FOREACH( spi, &j->suspended_perusers, sle ) { + if( (int64_t)(spi->j->mach_uid) == inval ) { + job_log(j, LOG_WARNING, "Job tried to suspend per-user launchd for UID %lli twice.", inval); break; } } - - if( ji == NULL ) { - jpu->peruser_suspend_count++; - LIST_INSERT_HEAD(&j->suspended_perusers, jpu, suspended_peruser_sle); - job_stop(jpu); + + if( spi == NULL ) { + job_log(j, LOG_INFO, "Job is suspending the per-user launchd for UID %lli.", inval); + spi = (struct suspended_peruser *)calloc(sizeof(struct suspended_peruser), 1); + if( job_assumes(j, spi != NULL) ) { + spi->j = jpu; + spi->j->peruser_suspend_count++; + LIST_INSERT_HEAD(&j->suspended_perusers, spi, sle); + job_stop(spi->j); + } else { + kr = BOOTSTRAP_NO_MEMORY; + } } } + } else { + kr = 1; } break; case VPROC_GSK_PERUSER_RESUME: - if( pid1_magic && ldc->euid == 0 ) { - job_t ji = NULL, jt = NULL; - LIST_FOREACH_SAFE( ji, &j->suspended_perusers, suspended_peruser_sle, jt ) { - if( (int64_t)(ji->mach_uid) == inval ) { - ji->peruser_suspend_count--; - LIST_REMOVE(ji, suspended_peruser_sle); + if( job_assumes(j, pid1_magic == true) ) { + struct suspended_peruser *spi = NULL, *spt = NULL; + LIST_FOREACH_SAFE( spi, &j->suspended_perusers, sle, spt ) { + if( (int64_t)(spi->j->mach_uid) == inval ) { + spi->j->peruser_suspend_count--; + LIST_REMOVE(spi, sle); + job_log(j, LOG_INFO, "Job is resuming the per-user launchd for UID %lli.", inval); break; } } - if( ji == NULL ) { - job_log(j, LOG_WARNING, "Job tried to resume per-user launchd for UID %llu that it did not suspend.", inval); - } else if( ji->peruser_suspend_count == 0 ) { - job_dispatch(ji, false); + if( !job_assumes(j, spi != NULL) ) { + job_log(j, LOG_WARNING, "Job tried to resume per-user launchd for UID %lli that it did not suspend.", inval); + kr = BOOTSTRAP_NOT_PRIVILEGED; + } else if( spi->j->peruser_suspend_count == 0 ) { + job_dispatch(spi->j, false); + free(spi); } + } else { + kr = 1; } break; case 0: @@ -8437,7 +8456,7 @@ } char name[NAME_MAX]; - snprintf(name, sizeof(name), "bootstrap_subset(%u)->%s[%i]", MACH_PORT_INDEX(requestorport), j->anonymous ? j->prog : j->label, j->p); + snprintf(name, sizeof(name), "%s[%i].subset.%i", j->anonymous ? j->prog : j->label, j->p, MACH_PORT_INDEX(requestorport)); if (!job_assumes(j, (jmr = jobmgr_new(j->mgr, requestorport, MACH_PORT_NULL, false, name, j->audit_session)) != NULL)) { if (unlikely(requestorport == MACH_PORT_NULL)) { Modified: trunk/launchd/src/libvproc.c =================================================================== --- trunk/launchd/src/libvproc.c 2009-04-09 18:05:32 UTC (rev 23888) +++ trunk/launchd/src/libvproc.c 2009-04-10 01:56:53 UTC (rev 23889) @@ -842,8 +842,9 @@ break; } + kern_return_t kr = KERN_FAILURE; mach_port_t mp = vp ? vp->j_port : bootstrap_port; - if (vproc_mig_swap_integer(mp, inval ? key : 0, outval ? key : 0, inval ? *inval : 0, outval ? outval : &dummyval) == 0) { + if ((kr = vproc_mig_swap_integer(mp, inval ? key : 0, outval ? key : 0, inval ? *inval : 0, outval ? outval : &dummyval)) == 0) { switch (key) { case VPROC_GSK_MGR_PID: cached_pid = outval ? *outval : dummyval; @@ -862,10 +863,8 @@ vproc_t pu_vp = vprocmgr_lookup_vproc(peruser_label); if( pu_vp ) { int status = 0; - kern_return_t kr = vproc_mig_wait2(bootstrap_port, pu_vp->j_port, &status); + kr = vproc_mig_wait2(bootstrap_port, pu_vp->j_port, &status); vproc_release(pu_vp); - - syslog(LOG_DEBUG, "%u's suspended launchd exited with status %i (kr = 0x%x).", (uid_t)*inval, status, kr); } break; } -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 10 00:43:29 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 10 Apr 2009 00:43:29 -0700 (PDT) Subject: [launchd-changes] [23890] branches/SULeopard/launchd.xcodeproj/project.pbxproj Message-ID: <20090410074331.06D1114E8089@beta.macosforge.org> Revision: 23890 http://trac.macosforge.org/projects/launchd/changeset/23890 Author: dsorresso at apple.com Date: 2009-04-10 00:43:26 -0700 (Fri, 10 Apr 2009) Log Message: ----------- Added Security framework to launchctl. Modified Paths: -------------- branches/SULeopard/launchd.xcodeproj/project.pbxproj Modified: branches/SULeopard/launchd.xcodeproj/project.pbxproj =================================================================== --- branches/SULeopard/launchd.xcodeproj/project.pbxproj 2009-04-10 01:56:53 UTC (rev 23889) +++ branches/SULeopard/launchd.xcodeproj/project.pbxproj 2009-04-10 07:43:26 UTC (rev 23890) @@ -50,6 +50,7 @@ /* End PBXAggregateTarget section */ /* Begin PBXBuildFile section */ + 33C2D68C0F8F2C7A00A21214 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 721FBEBB0EA7AE2F0057462B /* Security.framework */; }; 721FBEBC0EA7AE2F0057462B /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 721FBEBB0EA7AE2F0057462B /* Security.framework */; }; 72B71B7D0EA7E98A00BFE986 /* exc.defs in Sources */ = {isa = PBXBuildFile; fileRef = FC36291F0E9349410054F1A3 /* exc.defs */; settings = {ATTRIBUTES = (Server, ); }; }; FC3627BA0E9343220054F1A3 /* StartupItems.c in Sources */ = {isa = PBXBuildFile; fileRef = FC59A0FD0E8C8ADF00D41150 /* StartupItems.c */; }; @@ -372,6 +373,7 @@ FCC841CC0EA7138700C01666 /* IOKit.framework in Frameworks */, FC3628080E9345E10054F1A3 /* CoreFoundation.framework in Frameworks */, FCD713740E95DE49001B0111 /* libedit.dylib in Frameworks */, + 33C2D68C0F8F2C7A00A21214 /* Security.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 10 00:43:39 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 10 Apr 2009 00:43:39 -0700 (PDT) Subject: [launchd-changes] [23891] tags/launchd-258.24/ Message-ID: <20090410074339.3E53E14E80A3@beta.macosforge.org> Revision: 23891 http://trac.macosforge.org/projects/launchd/changeset/23891 Author: dsorresso at apple.com Date: 2009-04-10 00:43:38 -0700 (Fri, 10 Apr 2009) Log Message: ----------- "Tagging launchd-258.24 from https://svn.macosforge.org/repository/launchd/branches/SULeopard" Added Paths: ----------- tags/launchd-258.24/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 10 15:06:39 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 10 Apr 2009 15:06:39 -0700 (PDT) Subject: [launchd-changes] [23892] trunk/launchd/src Message-ID: <20090410220639.51EED14FBF63@beta.macosforge.org> Revision: 23892 http://trac.macosforge.org/projects/launchd/changeset/23892 Author: dsorresso at apple.com Date: 2009-04-10 15:06:38 -0700 (Fri, 10 Apr 2009) Log Message: ----------- ResetAtClose should handle the case of a failed exec(2) Modified Paths: -------------- trunk/launchd/src/launch.h trunk/launchd/src/launch_priv.h trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launch.h =================================================================== --- trunk/launchd/src/launch.h 2009-04-10 07:43:38 UTC (rev 23891) +++ trunk/launchd/src/launch.h 2009-04-10 22:06:38 UTC (rev 23892) @@ -110,6 +110,7 @@ #define LAUNCH_JOBKEY_MACH_RESETATCLOSE "ResetAtClose" #define LAUNCH_JOBKEY_MACH_HIDEUNTILCHECKIN "HideUntilCheckIn" +#define LAUNCH_JOBKEY_MACH_DRAINMESSAGESONCRASH "DrainMessagesOnCrash" #define LAUNCH_JOBKEY_KEEPALIVE_SUCCESSFULEXIT "SuccessfulExit" #define LAUNCH_JOBKEY_KEEPALIVE_NETWORKSTATE "NetworkState" Modified: trunk/launchd/src/launch_priv.h =================================================================== --- trunk/launchd/src/launch_priv.h 2009-04-10 07:43:38 UTC (rev 23891) +++ trunk/launchd/src/launch_priv.h 2009-04-10 22:06:38 UTC (rev 23892) @@ -75,7 +75,6 @@ #define LAUNCH_JOBKEY_MACH_TASKSPECIALPORT "TaskSpecialPort" #define LAUNCH_JOBKEY_MACH_HOSTSPECIALPORT "HostSpecialPort" #define LAUNCH_JOBKEY_MACH_ENTERKERNELDEBUGGERONCLOSE "EnterKernelDebuggerOnClose" -#define LAUNCH_JOBKEY_MACH_DRAINMESSAGESONCRASH "DrainMessagesOnCrash" typedef struct _launch *launch_t; Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-10 07:43:38 UTC (rev 23891) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-10 22:06:38 UTC (rev 23892) @@ -168,18 +168,21 @@ job_t job; unsigned int gen_num; mach_port_name_t port; - unsigned int isActive :1, - reset :1, - recv :1, - hide :1, - kUNCServer :1, - per_user_hack :1, - debug_on_close :1, - per_pid :1, - delete_on_destruction :1, - drain_one :1, - drain_all :1, - special_port_num :22; + unsigned int isActive :1, + reset :1, + recv :1, + hide :1, + kUNCServer :1, + per_user_hack :1, + debug_on_close :1, + per_pid :1, + delete_on_destruction :1, + drain_one_on_crash :1, + drain_all_on_crash :1, + /* Don't let the size of this field to get too small. It has to be large enough + * to represent the reasonable range of special port numbers. + */ + special_port_num :20; const char name[0]; }; @@ -534,6 +537,7 @@ has_console :1, /* The job owns the console. */ clean_exit_timer_expired :1, /* The job was clean, received SIGKILL and failed to exit after LAUNCHD_CLEAN_KILL_TIMER seconds. */ embedded_special_privileges :1, /* The job runs as a non-root user on embedded but has select privileges of the root user. */ + did_exec :1, /* The job exec(2)ed successfully. */ migratory :1; /* The (anonymous) job called vprocmgr_switch_to_session(). */ mode_t mask; pid_t tracing_pid; @@ -2728,14 +2732,18 @@ j->reaped = true; struct machservice *msi = NULL; - if( j->crashed ) { + if( j->crashed || !(j->did_exec || j->anonymous) ) { SLIST_FOREACH( msi, &j->machservices, sle ) { - if( !msi->isActive && (msi->drain_one || msi->drain_all) ) { + if( j->crashed && !msi->isActive && (msi->drain_one_on_crash || msi->drain_all_on_crash) ) { machservice_drain_port(msi); } + + if( !j->did_exec && msi->reset && job_assumes(j, !msi->isActive) ) { + machservice_resetport(j, msi); + } } } - + struct suspended_peruser *spi = NULL; while( (spi = LIST_FIRST(&j->suspended_perusers)) ) { job_log(j, LOG_ERR, "Job exited before resuming per-user launchd for UID %u. Will forcibly resume.", spi->j->mach_uid); @@ -3270,6 +3278,7 @@ LIST_INSERT_HEAD(&label_hash[hash_label(j->label)], j, label_hash_sle); } } else { + j->did_exec = true; job_log(j, LOG_DEBUG, "Program changed"); } } @@ -3627,6 +3636,7 @@ job_log(j, LOG_DEBUG, "Started as PID: %u", c); + j->did_exec = false; j->checkedin = false; j->start_pending = false; j->reaped = false; @@ -3677,7 +3687,7 @@ SLIST_REMOVE(&j->env, ei, envitem, sle); } } - + if (likely(!j->stall_before_exec)) { job_uncork_fork(j); } @@ -3778,7 +3788,7 @@ errno = psf(NULL, file2exec, NULL, &spattr, (char *const*)argv, environ); job_log_error(j, LOG_ERR, "posix_spawn(\"%s\", ...)", file2exec); - + #if HAVE_SANDBOX out_bad: #endif @@ -5464,9 +5474,9 @@ if( strcasecmp(key, LAUNCH_JOBKEY_MACH_DRAINMESSAGESONCRASH) == 0 ) { const char *option = launch_data_get_string(obj); if( strcasecmp(option, "One") == 0 ) { - ms->drain_one = true; + ms->drain_one_on_crash = true; } else if( strcasecmp(option, "All") == 0 ) { - ms->drain_all = true; + ms->drain_all_on_crash = true; } } break; @@ -6061,14 +6071,13 @@ void machservice_drain_port(struct machservice *ms) { - if (!job_assumes(ms->job, ms->job->crashed == true)) { - return; - } + bool drain_one = ms->drain_one_on_crash; + bool drain_all = ms->drain_all_on_crash; - if( ms->drain_one == false && ms->drain_all == false ) { + if( !job_assumes(ms->job, (drain_one || drain_all) == true) ) { return; } - + job_log(ms->job, LOG_INFO, "Draining %s...", ms->name); char req_buff[sizeof(union __RequestUnion__catch_mach_exc_subsystem) * 2]; @@ -6103,7 +6112,7 @@ break; } } - } while( ms->drain_all && mr != MACH_RCV_TIMED_OUT ); + } while( drain_all && mr != MACH_RCV_TIMED_OUT ); } void @@ -6257,7 +6266,7 @@ * ReceiveRight(N - 1)Returned */ - if( ms->drain_one || ms->drain_all ) { + if( ms->drain_one_on_crash || ms->drain_all_on_crash ) { if( j->crashed && j->reaped ) { job_log(j, LOG_DEBUG, "Job has crashed. Draining port..."); machservice_drain_port(ms); @@ -6267,7 +6276,6 @@ } ms->isActive = false; - if (ms->delete_on_destruction) { machservice_delete(j, ms, false); } else if (ms->reset) { @@ -7588,6 +7596,7 @@ } } + return BOOTSTRAP_SUCCESS; } -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 10 15:38:12 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 10 Apr 2009 15:38:12 -0700 (PDT) Subject: [launchd-changes] [23893] tags/launchd-315/ Message-ID: <20090410223812.F3EAA14FD41F@beta.macosforge.org> Revision: 23893 http://trac.macosforge.org/projects/launchd/changeset/23893 Author: dsorresso at apple.com Date: 2009-04-10 15:38:12 -0700 (Fri, 10 Apr 2009) Log Message: ----------- "Tagging launchd-315 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-315/ Property changes on: tags/launchd-315 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Tue Apr 14 14:34:14 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Tue, 14 Apr 2009 14:34:14 -0700 (PDT) Subject: [launchd-changes] [23894] trunk/launchd/src/launchd_core_logic.c Message-ID: <20090414213414.7AE691586891@beta.macosforge.org> Revision: 23894 http://trac.macosforge.org/projects/launchd/changeset/23894 Author: dsorresso at apple.com Date: 2009-04-14 14:34:13 -0700 (Tue, 14 Apr 2009) Log Message: ----------- (Embedded security hardening) Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-10 22:38:12 UTC (rev 23893) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-14 21:34:13 UTC (rev 23894) @@ -755,7 +755,6 @@ #if TARGET_OS_EMBEDDED if( g_embedded_privileged_action && s_embedded_privileged_job ) { - #if 0 if( !job_assumes(j, s_embedded_privileged_job->username != NULL && j->username != NULL) ) { errno = EPERM; return; @@ -765,9 +764,6 @@ errno = EPERM; return; } - #else - /* For now, allow this. */ - #endif } else if( g_embedded_privileged_action ) { errno = EINVAL; return; @@ -2985,7 +2981,6 @@ #if TARGET_OS_EMBEDDED if( g_embedded_privileged_action && s_embedded_privileged_job ) { - #if 0 if( !job_assumes(j, s_embedded_privileged_job->username != NULL && j->username != NULL) ) { errno = EPERM; return NULL; @@ -2995,9 +2990,6 @@ errno = EPERM; return NULL; } - #else - /* For now, allow this. */ - #endif } else if( g_embedded_privileged_action ) { errno = EINVAL; return NULL; -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Tue Apr 14 14:34:28 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Tue, 14 Apr 2009 14:34:28 -0700 (PDT) Subject: [launchd-changes] [23895] tags/launchd-316/ Message-ID: <20090414213428.873E615868AB@beta.macosforge.org> Revision: 23895 http://trac.macosforge.org/projects/launchd/changeset/23895 Author: dsorresso at apple.com Date: 2009-04-14 14:34:28 -0700 (Tue, 14 Apr 2009) Log Message: ----------- "Tagging launchd-316 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-316/ Property changes on: tags/launchd-316 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Wed Apr 15 01:45:02 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Wed, 15 Apr 2009 01:45:02 -0700 (PDT) Subject: [launchd-changes] [23896] trunk/launchd/src/launchd_core_logic.c Message-ID: <20090415084503.087C015A2878@beta.macosforge.org> Revision: 23896 http://trac.macosforge.org/projects/launchd/changeset/23896 Author: dsorresso at apple.com Date: 2009-04-15 01:45:01 -0700 (Wed, 15 Apr 2009) Log Message: ----------- sampling processes at shutdown should not use Spotlight Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-14 21:34:28 UTC (rev 23895) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-15 08:45:01 UTC (rev 23896) @@ -2889,7 +2889,12 @@ { char pidstr[32]; snprintf(pidstr, sizeof(pidstr), "%u", j->p); +#if !TARGET_OS_EMBEDDED + /* -nodsyms so sample doesn't try to use Spotlight to find dsym files after mds has gone away. */ + char *sample_args[] = { "/usr/bin/sample", pidstr, "1", "-unsupportedShowArch", "-mayDie", "-nodsyms", "-file", j->mgr->sample_log_file, NULL }; +#else char *sample_args[] = { "/usr/bin/sample", pidstr, "1", "-unsupportedShowArch", "-mayDie", "-file", j->mgr->sample_log_file, NULL }; +#endif execve(sample_args[0], sample_args, environ); _exit(EXIT_FAILURE); -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Wed Apr 15 14:27:56 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Wed, 15 Apr 2009 14:27:56 -0700 (PDT) Subject: [launchd-changes] [23897] tags/launchd-317/ Message-ID: <20090415212756.8684315AB813@beta.macosforge.org> Revision: 23897 http://trac.macosforge.org/projects/launchd/changeset/23897 Author: dsorresso at apple.com Date: 2009-04-15 14:27:54 -0700 (Wed, 15 Apr 2009) Log Message: ----------- "Tagging launchd-317 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-317/ Property changes on: tags/launchd-317 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Thu Apr 16 15:18:10 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Thu, 16 Apr 2009 15:18:10 -0700 (PDT) Subject: [launchd-changes] [23898] trunk/launchd/src Message-ID: <20090416221810.C676315C7255@beta.macosforge.org> Revision: 23898 http://trac.macosforge.org/projects/launchd/changeset/23898 Author: dsorresso at apple.com Date: 2009-04-16 15:18:10 -0700 (Thu, 16 Apr 2009) Log Message: ----------- launchd's periodic sync() seems to be bad for shutdown time when it happens during shutdown. Modified Paths: -------------- trunk/launchd/src/launchd.c trunk/launchd/src/launchd_core_logic.c trunk/launchd/src/launchd_runtime.h Modified: trunk/launchd/src/launchd.c =================================================================== --- trunk/launchd/src/launchd.c 2009-04-15 21:27:54 UTC (rev 23897) +++ trunk/launchd/src/launchd.c 2009-04-16 22:18:10 UTC (rev 23898) @@ -112,7 +112,6 @@ static bool re_exec_in_single_user_mode; static void *crash_addr; static pid_t crash_pid; -static unsigned int g_sync_frequency = 30; bool shutdown_in_progress; bool fake_shutdown_in_progress; @@ -121,6 +120,7 @@ char g_my_label[128] = "__Uninitialized__"; char g_launchd_database_dir[PATH_MAX]; FILE *g_console = NULL; +int32_t g_sync_frequency = 30; int main(int argc, char *const *argv) @@ -263,6 +263,7 @@ sleep(g_sync_frequency); } + runtime_syslog(LOG_DEBUG, "Update thread exiting."); return NULL; } Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-15 21:27:54 UTC (rev 23897) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-16 22:18:10 UTC (rev 23898) @@ -982,6 +982,10 @@ if (jm->parentmgr == NULL && pid1_magic) { jobmgr_assumes(jm, kevent_mod((uintptr_t)jm, EVFILT_TIMER, EV_ADD, NOTE_SECONDS, 5, jm)); + #if !TARGET_OS_EMBEDDED + /* Kill the update thread. */ + jobmgr_assumes(jm, __sync_sub_and_fetch(&g_sync_frequency, 30) == 0); + #endif } return jobmgr_do_garbage_collection(jm); Modified: trunk/launchd/src/launchd_runtime.h =================================================================== --- trunk/launchd/src/launchd_runtime.h 2009-04-15 21:27:54 UTC (rev 23897) +++ trunk/launchd/src/launchd_runtime.h 2009-04-16 22:18:10 UTC (rev 23898) @@ -108,6 +108,7 @@ extern bool g_log_per_user_shutdown; extern bool g_log_strict_usage; extern bool g_embedded_shutdown_log; +extern int32_t g_sync_frequency; extern pid_t g_wsp; mach_port_t runtime_get_kernel_port(void); -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 17 14:37:52 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 17 Apr 2009 14:37:52 -0700 (PDT) Subject: [launchd-changes] [23899] trunk/launchd/src/launchd_core_logic.c Message-ID: <20090417213752.B5CB015DC828@beta.macosforge.org> Revision: 23899 http://trac.macosforge.org/projects/launchd/changeset/23899 Author: dsorresso at apple.com Date: 2009-04-17 14:37:51 -0700 (Fri, 17 Apr 2009) Log Message: ----------- Finder refuses to launch after Force Quit (error -10810) Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-16 22:18:10 UTC (rev 23898) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-17 21:37:51 UTC (rev 23899) @@ -8532,9 +8532,24 @@ otherj = job_dispatch(otherj, true); if (!job_assumes(j, otherj && otherj->p)) { + /* Clear this flag if we failed to start the job. */ + otherj->stall_before_exec = false; return BOOTSTRAP_NO_MEMORY; } + /* If any of these proceeding steps fail, we return an error to the client. + * the problem is that, if the client has requested the job be stalled before + * exec(2), the client won't be able to uncork the fork(2), leaving the job + * forever stalled until the client tries again and we successfully start + * the job. + * + * See for more about the implications. + * + * Fortunately, these next actions should pretty much never fail. In the + * future, we should look at cleaning up after these failures if the job + * was started in a stalled state. + */ + kern_return_t kr = task_name_for_pid(mach_task_self(), otherj->p, out_name_port); if (!job_assumes(j, kr == 0)) { return kr; -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 17 14:38:42 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 17 Apr 2009 14:38:42 -0700 (PDT) Subject: [launchd-changes] [23900] trunk/launchd/src/launchd_core_logic.c Message-ID: <20090417213842.C8B3315DC863@beta.macosforge.org> Revision: 23900 http://trac.macosforge.org/projects/launchd/changeset/23900 Author: dsorresso at apple.com Date: 2009-04-17 14:38:42 -0700 (Fri, 17 Apr 2009) Log Message: ----------- 10A330 won't shut down: launchd still alive with 13/6 (normal/anon) children Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c Modified: trunk/launchd/src/launchd_core_logic.c =================================================================== --- trunk/launchd/src/launchd_core_logic.c 2009-04-17 21:37:51 UTC (rev 23899) +++ trunk/launchd/src/launchd_core_logic.c 2009-04-17 21:38:42 UTC (rev 23900) @@ -2919,7 +2919,7 @@ return; } - if (j->sampling_complete || j->per_user) { + if( !job_assumes(j, !j->sampling_complete) ) { return; } @@ -3342,6 +3342,10 @@ * with the long SIGKILL */ + if( j->per_user ) { + /* Don't sample per-user launchd's. */ + j->sampling_complete = true; + } bool was_is_or_will_be_sampled = ( j->sampling_complete || j->is_being_sampled || j->pending_sample ); bool should_enqueue = ( !was_is_or_will_be_sampled && do_apple_internal_logging ); -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Fri Apr 17 15:04:16 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Fri, 17 Apr 2009 15:04:16 -0700 (PDT) Subject: [launchd-changes] [23901] tags/launchd-318/ Message-ID: <20090417220417.068F015DCE1D@beta.macosforge.org> Revision: 23901 http://trac.macosforge.org/projects/launchd/changeset/23901 Author: dsorresso at apple.com Date: 2009-04-17 15:04:16 -0700 (Fri, 17 Apr 2009) Log Message: ----------- "Tagging launchd-318 from https://svn.macosforge.org/repository/launchd/trunk" Added Paths: ----------- tags/launchd-318/ Property changes on: tags/launchd-318 ___________________________________________________________________ Added: svn:ignore + build Added: svn:mergeinfo + /branches/PR-5092682:23731-23742 /branches/PR-5898404:23681-23700 /branches/PR-5978442:23651-23701 /branches/PR-6132016:23719-23738 /branches/PR-6271234:23818-23822 /branches/PR-6562592:23812-23822 /branches/PR-6564965:23832-23851 /branches/PR-6589133:23810-23822 /branches/PR-6609410:23828 -------------- next part -------------- An HTML attachment was scrubbed... URL: From source_changes at macosforge.org Mon Apr 20 15:46:17 2009 From: source_changes at macosforge.org (source_changes at macosforge.org) Date: Mon, 20 Apr 2009 15:46:17 -0700 (PDT) Subject: [launchd-changes] [23902] trunk/launchd/src Message-ID: <20090420224617.AC61816052BD@beta.macosforge.org> Revision: 23902 http://trac.macosforge.org/projects/launchd/changeset/23902 Author: dsorresso at apple.com Date: 2009-04-20 15:46:16 -0700 (Mon, 20 Apr 2009) Log Message: ----------- ?\195?\162?\194?\152?\194?\130: launchd needs documentation updates Modified Paths: -------------- trunk/launchd/src/launchctl.1 trunk/launchd/src/launchd.8 trunk/launchd/src/launchd.plist.5 Modified: trunk/launchd/src/launchctl.1 =================================================================== --- trunk/launchd/src/launchctl.1 2009-04-17 22:04:16 UTC (rev 23901) +++ trunk/launchd/src/launchctl.1 2009-04-20 22:46:16 UTC (rev 23902) @@ -32,9 +32,18 @@ Load the specified configuration files or directories of configuration files. Jobs that are not on-demand will be started as soon as possible. All specified jobs will be loaded before any of them are allowed to start. +Note that per-user configuration files (LaunchAgents) must be owned by the user +loading them. All system-wide daemons (LaunchDaemons) must be owned by root. Configuration files +must not be group- or world-writable. These restrictions are in place for security reasons, +as allowing writability to a launchd configuration file allows one to specify which executable +will be launched. + +Note that allowing non-root write access to the /System/Library/LaunchDaemons directory WILL render your system unbootable. .Bl -tag -width -indent .It Fl w -Remove the disabled key and write the configuration files back out to disk. +Overrides the Disabled key and sets it to false. In previous versions, this option +would modify the configuration file. Now the state of the Disabled key is stored +elsewhere on-disk. .It Fl F Force the loading of the plist. Ignore the Disabled key. .It Fl S Ar sessiontype @@ -61,7 +70,9 @@ This will also stop the job if it is running. .Bl -tag -width -indent .It Fl w -Add the disabled key and write the configuration files back out to disk. +Overrides the Disabled key and sets it to true. In previous versions, this option +would modify the configuration file. Now the state of the Disabled key is stored +elsewhere on-disk. .It Fl S Ar sessiontype Some jobs only make sense in certain contexts. This flag instructs .Nm launchctl @@ -105,9 +116,36 @@ restart the job if launchd finds any criteria that is satisfied. Non-demand based jobs will always be restarted. Use of this subcommand is discouraged. Jobs should ideally idle timeout by themselves. -.It Ar list -List all of the jobs loaded into +.It Xo Ar list +.Op Ar -x +.Op Ar label +.Xc +With no arguments, list all of the jobs loaded into +.Nm launchd +in three columns. The first column displays the PID of the job if it is running. +The second column displays the last exit status of the job. If the number in this +column is negative, it represents the negative of the signal which killed the job. +Thus, "-15" would indicate that the job was terminated with SIGTERM. The third column +is the job's label. + +Note that you may see some jobs in the list whose labels are in the style "0xdeadbeef.anonymous.program". +These are jobs which are not managed by +.Nm launchd , +but, at one point, made a request to it. +.Nm launchd +claims no ownership and makes no guarantees regarding these jobs. They are stored purely for +bookkeeping purposes. + +Similarly, you may see labels of the style "0xdeadbeef.mach_init.program". These are legacy jobs that run +under mach_init emulation. This mechanism will be removed in future versions, and all remaining mach_init +jobs should be converted over to .Nm launchd . + +If +.Op Ar label +is specified, prints information about the requested job. If +.Op Ar -x +is specified, the information for the specified job is output as an XML property list. .It Ar setenv Ar key Ar value Set an environmental variable inside of .Nm launchd . @@ -155,14 +193,35 @@ .Xr umask 2 of .Nm launchd . -.It Ar bslist Op Ar PID +.It Xo Ar bslist +.Op Ar PID | .. +.Xc This prints out Mach bootstrap services and their respective states. While the namespace appears flat, it is in fact hierarchical, thus allowing for certain services to be only available to a subset of processes. The three states a -service can be in are active ("A"), inactive ("I") and on-demand ("D"). +service can be in are active ("A"), inactive ("I") and on-demand ("D"). If +.Op Ar PID +is specified, print the Mach bootstrap services available to that PID. If +.Op Ar .. +is specified, print the Mach bootstrap services available in the parent of the +current bootstrap. Note that in Mac OS X v10.6, the per-user Mach bootstrap namespace +is flat, so you will only see a different set of services in a per-user bootstrap +if you are in an explicitly-created bootstrap subset. .It Ar bsexec Ar PID command Op Ar args This executes the given command in the same Mach bootstrap namespace hierachy as the given PID. +.It Ar bstree +This prints a hierarchical view of the entire Mach bootstrap tree. Requires root +privileges. +.It Ar managerpid +This prints the PID of the launchd which manages the current bootstrap. +.It Ar manageruid +This prints the UID of the launchd which manages the current bootstrap. +.It Ar managername +This prints the name of the launchd job manager which manages the current bootstrap. +See LimitLoadToSessionType in +.Xr launchd.plist 5 +for more details. .It Ar help Print out a quick usage statement. .El Modified: trunk/launchd/src/launchd.8 =================================================================== --- trunk/launchd/src/launchd.8 2009-04-17 22:04:16 UTC (rev 23901) +++ trunk/launchd/src/launchd.8 2009-04-20 22:46:16 UTC (rev 23902) @@ -55,14 +55,19 @@ This variable is exported when invoking a command via the launchd command line. It informs launchctl how to find the correct launchd to talk to. .El .Sh NOTES -In Darwin it is preferable to have your daemon launch via launchd instead of modifying -.Nm rc -or creating a -.Nm SystemStarter -Startup Item. -.Pp -At some point in the future, we hope to completely phase out the use of -.Nm rc . +In Darwin, the canonical way to launch a daemon is through +.Nm launchd +as opposed to more traditional mechanisms or mechanisms provided in earlier versions of Mac OS X. These alternate methods should +be considered deprecated and not suitable for new projects. + +Also, in the +.Nm launchd +lexicon, a "daemon" is, by definition, a system-wide service of which there is one instance for all clients. An "agent" is a service that runs on +a per-user basis. If you wish your service to run as a certain user, in that user's environment, making it a +.Nm launchd +agent is the ONLY supported means of accomplishing this on Mac OS X. In other words, it is not sufficient to perform a +.Xr setuid 2 +to become a user in the truest sense on Mac OS X. .Sh FILES .Bl -tag -width "/System/Library/LaunchDaemons" -compact .It Pa ~/Library/LaunchAgents @@ -70,11 +75,11 @@ .It Pa /Library/LaunchAgents Per-user agents provided by the administrator. .It Pa /Library/LaunchDaemons -System wide daemons provided by the administrator. +System-wide daemons provided by the administrator. .It Pa /System/Library/LaunchAgents -Mac OS X Per-user agents. +Per-user agents provided by Mac OS X. .It Pa /System/Library/LaunchDaemons -Mac OS X System wide daemons. +System-wide daemons provided by Mac OS X. .El .Sh SEE ALSO .Xr launchctl 1 , Modified: trunk/launchd/src/launchd.plist.5 =================================================================== --- trunk/launchd/src/launchd.plist.5 2009-04-17 22:04:16 UTC (rev 23901) +++ trunk/launchd/src/launchd.plist.5 2009-04-20 22:46:16 UTC (rev 23902) @@ -79,13 +79,45 @@ Property lists are Apple's standard configuration file format. Please see .Xr plist 5 for more information. Please note: property list files are expected to have their name end in ".plist". +Also please note that it is the expected convention for launchd property list files to be named