[launchd-dev] How to ensure that my job is launched through launchd and not directly?

Damien Sorresso dsorresso at apple.com
Fri Apr 17 09:10:59 PDT 2015


On 17 Apr, 2015, at 00:45, Per Olofsson <per.olofsson at gu.se> wrote:
> 16 apr 2015 kl. 21:20 skrev Damien Sorresso <dsorresso at apple.com>:
>> 
>> There are a couple strategies you can use.
>> 
>> In your launchd.plist(5), you can define a certain environment variable, like LAUNCHED_BY_LAUNCHD or something. If you check for that variable with getenv(3) and it is not present, you know that you weren't launched properly.
>> 
>> Alternatively, as of Yosemite, launchd sets an environment variable called XPC_SERVICE_NAME whose value is the label you've given your job. You can check that too.
> 
> Any thoughts on checking in with launchd and getting the job label? launch_data_dict_lookup(checkin_response, LAUNCH_JOBKEY_LABEL) predictably fails when run on the commandline, and succeeds when started as a daemon by launchd.

For various reasons, that is probably not as reliable as you'd think across OS versions, especially crossing from Mavericks to Yosemite. The environment variable is a fairly authoritative indication that launchd spawned you. Of course, anyone can set it if they spawn your binary by hand, so just don't make security decisions based on its presence or absence.

Also those APIs are incredibly awkward and have been deprecated in Yosemite.
-damien

>> Do not do a getppid(3) check against 1. It will fail on older OSes if you're an agent, and the kernel may reparent processes to PID 1 under certain conditions, so having a parent PID of 1 is not necessarily indicative of being managed by launchd.
> 
> I suspected as much, good to know :)
> 
> -- 
> Per Olofsson, IT-service, University of Gothenburg
> 
> _______________________________________________
> launchd-dev mailing list
> launchd-dev at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/launchd-dev



More information about the launchd-dev mailing list