[launchd-dev] Privilege separation and crash resistance

Thomas Clement thomascl at free.fr
Wed Sep 30 08:25:49 PDT 2009


Hello,

I think the following architecture is recommended when a daemon needs  
to talk to an agent:
- daemon listens on privileged port
- agent is set to run at load time and checks in with the daemon to  
vend its mach port
- daemon uses the vended mach port to launch the agent on demand

However, if the daemon crashes, it loses the vended mach port and is  
unable to launch the agent.
What is the recommended solution to this situation?


Regards,
Thomas

