[launchd-dev] Privilege separation and crash resistance
Damien Sorresso
dsorresso at apple.com
Wed Sep 30 09:43:17 PDT 2009
On Sep 30, 2009, at 10:25 AM, Thomas Clement wrote:
> Hello,
>
> I think the following architecture is recommended when a daemon
> needs to talk to an agent:
> - daemon listens on privileged port
> - agent is set to run at load time and checks in with the daemon to
> vends its mach port
> - daemon uses the vended mach port to launch the agent on demand
>
> However if the daemon crashes, it loses the vended mach port and is
> unable to launch the agent.
> What is the recommended solution to this situation?
The really, really hacky way to do this would be to use
bootstrap_register() to place the send right in the daemon's Mach
bootstrap so that it can look it up when it comes back. That's about
the only thing I can think of.
--
Damien Sorresso
BSD Engineering
Apple Inc.
More information about the launchd-dev
mailing list