[launchd-dev] _vprocmgr_move_subset_to_user()

Damien Sorresso dsorresso at apple.com
Tue Mar 17 10:36:10 PDT 2009


On Mar 17, 2009, at 9:27 AM, Stuart Crook wrote:
> Hi. Could someone help me understand _vprocmgr_move_subset_to_user()  
> and the environmental conditions which cause a call to it to fail.
>
> To explain the context: I'm working with the PureDarwin (www.puredarwin.org 
> ) team, and we've almost got an mutil-user environment up and  
> running. The system is running in standard (ie. not single-user)  
> mode, with the user as root (uid=0, gid=0). A number of daemons  
> including launchd, securityd and DirectoryService are active.  
> "login" will run but fails with the message "Cannot make/remove an  
> entry for the specified session". I've traced the failure down to  
> the pam_launchd module (part of the pam_modules project in Darwin),  
> and specifically to a call to _vprocmgr_move_subset_to_user() (no  
> other failure in this module will produce the exact error code I'm  
> seeing).
>
> The following error messages are printed to the system error log:
>
> Mar 17 16:50:57 VMDarwin com.apple.launchd[1]  
> (com.apple.launchd.peruser.1000[95]): Root Mach bootstrap cannot be  
> transferred.
> Mar 17 16:50:57 VMDarwin login[94]: USER_PROCESS: 94 ttys000
> Mar 17 16:50:57 VMDarwin com.apple.launchd[95] (0x1010b0.login[94]):  
> Bug: launchd_core_logic.c:6292 (23646):1100: kr == 0
>
> _vprocmgr_move_subset_to_user() is being called with arguments  
> uid=1000 and session_type="StandardIO" (the default, I believe).  
> I've tried following the source (from 258.19) but become lost when I  
> can't find vproc_mig_swap_integer().
>
> So, bearing in mind that this is a version of Darwin assembled from  
> pieces rather than OS X, can anyone suggest why creating a user  
> session like this may fail? What steps do we need to take to  
> assemble an environment which will allow user session creations? Any  
> and all help will be appreciated.
>
> (And if you'd like to assemble your own test environment, grab the  
> VMWare image from http://sites.google.com/a/puredarwin.org/puredarwin/downloads/xmas 
>  and then follow the instructions here: http://sites.google.com/a/puredarwin.org/puredarwin/developers/network 
>  ).


login is calling into pam_launchd, which calls into  
_vprocmgr_move_subset_to_user(), and it resides in the root Mach  
bootstrap, i.e. the bootstrap provided by the PID 1 launchd. The SPI  
is calling "_vprocmgr_move_subset_to_user()" because it moves a  
bootstrap subset, not a root bootstrap.

So have login call the Security framework's SessionCreate() SPI before  
calling into pam_launchd. That should do the trick.

For the record, I desperately want to remove this SPI in SnowLeopard.
-- 
Damien Sorresso
BSD Engineering
Apple Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2425 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/launchd-dev/attachments/20090317/4fd898d8/attachment.bin>


More information about the launchd-dev mailing list