[launchd-dev] Privilege separation and crash resistance
thomascl at free.fr
Wed Oct 7 03:08:40 PDT 2009
On Oct 7, 2009, at 11:33 AM, Quinn wrote:
> At 17:25 +0200 30/9/09, Thomas Clement wrote:
>> What is the recommended solution to this situation?
> I generally do this stuff with UNIX domain sockets because they are
> so much easier to understand than Mach ports. In that case, each
> agent makes a connection to the daemon's listening UNIX domain
> socket. If the client crashes, the daemon hears about it because
> the socket gets closed. If the daemon crashes, the clients hear
> about it because the socket gets closed. The client should then try
> to open the socket again, which will relaunch the daemon.
This seems to be incompatible with the idea of launching the agent
on-demand (not keeping it alive all the time).
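
The mechanism described in the quoted reply, as an added example that is not part of the original post or of launchd: a daemon accepts an agent on a UNIX domain socket and learns of the agent's crash when a read returns end-of-file. The function name and socket path are assumptions made for illustration, and the listener is created with plain bind/listen rather than handed over by launchd.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if the daemon side sees EOF once the agent
 * is killed, 0 if not, -1 on setup failure. The path is a constructed value. */
int daemon_sees_agent_crash(void) {
    struct sockaddr_un addr;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof addr.sun_path,
             "/tmp/example-daemon.%ld.sock", (long)getpid());
    unlink(addr.sun_path);

    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        listen(lfd, 1) < 0) { close(lfd); return -1; }

    pid_t pid = fork();
    if (pid < 0) { close(lfd); unlink(addr.sun_path); return -1; }
    if (pid == 0) {                          /* agent process */
        int cfd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (cfd < 0 || connect(cfd, (struct sockaddr *)&addr, sizeof addr) < 0)
            _exit(2);
        if (write(cfd, "H", 1) != 1) _exit(2);   /* hello byte */
        raise(SIGKILL);                      /* simulated crash: no clean close */
        _exit(2);
    }
    int result = 0;
    char buf;
    int cfd = accept(lfd, NULL, NULL);       /* daemon side */
    if (cfd >= 0 && read(cfd, &buf, 1) == 1)
        result = (read(cfd, &buf, 1) == 0);  /* 0 bytes read = peer is gone */
    int status = 0;
    waitpid(pid, &status, 0);
    if (cfd >= 0) close(cfd);
    close(lfd);
    unlink(addr.sun_path);
    return result && WIFSIGNALED(status);
}

int main(void) {
    printf("agent crash detected: %d\n", daemon_sees_agent_crash());
    return 0;
}
```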