[launchd-dev] Privilege separation and crash resistance

Thomas Clement thomascl at free.fr
Wed Oct 7 03:08:40 PDT 2009


On Oct 7, 2009, at 11:33 AM, Quinn wrote:

> At 17:25 +0200 30/9/09, Thomas Clement wrote:
>> What is the recommended solution to this situation?
>
> I generally do this stuff with UNIX domain sockets because they are  
> so much easier to understand than Mach ports.  In that case, each  
> agent makes a connection to the daemon's listening UNIX domain  
> socket.  If the client crashes, the daemon hears about it because  
> the socket gets closed.  If the daemon crashes, the clients hear  
> about it because the socket gets closed.  The client should then try  
> to open the socket again, which will relaunch the daemon.

This seems to be incompatible with the idea of launching the agent on-demand
(not keeping it alive all the time).

Thomas
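
The socket-close behaviour described in the quoted reply, as an added example that is not part of the original message: one process plays both agent and daemon over a UNIX domain socket and checks that each side sees the other's exit as end-of-file. The socket path, the function names and the long-lived listener (standing in for a listening socket that launchd would hold open) are assumptions for illustration.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Open a UNIX domain stream socket at `path`: listen if server != 0, else connect. */
static int uds_open(const char *path, int server) {
    struct sockaddr_un a;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sun_family = AF_UNIX;
    strncpy(a.sun_path, path, sizeof a.sun_path - 1);
    if (server) unlink(path);  /* clear a stale socket file from an earlier run */
    int rc = server ? bind(fd, (struct sockaddr *)&a, sizeof a)
                    : connect(fd, (struct sockaddr *)&a, sizeof a);
    if (rc == 0 && server) rc = listen(fd, 4);
    if (rc < 0) { close(fd); return -1; }
    return fd;
}

/* Block until the peer sends data or goes away: 1 = peer gone, 0 = data, -1 = other error. */
int peer_gone(int fd) {
    char buf[64]; ssize_t n;
    do { n = read(fd, buf, sizeof buf); } while (n < 0 && errno == EINTR);
    if (n == 0 || (n < 0 && errno == ECONNRESET)) return 1;
    return n > 0 ? 0 : -1;
}

/* Returns 1 if both sides noticed the other's exit and the agent could reconnect. */
int crash_demo(const char *path) {
    int l = uds_open(path, 1);         /* assumption: stands in for launchd's socket */
    if (l < 0) return -1;
    int c = uds_open(path, 0), s = accept(l, NULL, NULL);
    close(c);                          /* agent dies: the kernel closes its end */
    int daemon_saw = peer_gone(s);
    close(s);
    c = uds_open(path, 0); s = accept(l, NULL, NULL);
    close(s);                          /* daemon dies: same signal, other direction */
    int agent_saw = peer_gone(c);
    close(c);
    c = uds_open(path, 0);             /* agent reconnects to the same path */
    int reconnected = c >= 0;
    if (c >= 0) close(c);
    close(l); unlink(path);
    return daemon_saw == 1 && agent_saw == 1 && reconnected;
}

/* Constructed demo path, not a real launchd socket path. */
int main(void) { return crash_demo("/tmp/uds_crash_demo.sock") == 1 ? 0 : 1; }
```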

