<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">On 5 Nov, 2015, at 15:54, James Bucanek <<a href="mailto:subscriber@gloaming.com" class="">subscriber@gloaming.com</a>> wrote:<br class=""><div><blockquote type="cite" class=""><br class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class="">
<blockquote style="border: 0px none;" cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite" class="">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px" class=""> <div style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;" class="">
<a moz-do-not-send="true" href="mailto:dsorresso@apple.com" style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;" class="">Damien Sorresso</a></div> <div style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
right;" class=""> <font color="#9FA2A5" class=""><span style="padding-left:6px" class="">November
5, 2015 at 3:43 PM</span></font></div> </div></div>
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" class="">On 5
Nov, 2015, at 14:23, James Bucanek <<a moz-do-not-send="true" class="" href="mailto:subscriber@gloaming.com">subscriber@gloaming.com</a>>
wrote:<div class=""><blockquote class="" type="cite"><div class=""><span class="" style="font-family: Menlo-Regular; font-size: 12px; font-style:
normal; font-variant: normal; font-weight: normal; letter-spacing:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); float: none; display: inline !important;"></span><span class="" style="font-family: Menlo-Regular; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);
float: none; display: inline !important;">I understand. This is exactly
the session I want. My product has an option ("Start and run actions
when logged out") that allows you install the scheduler agent the
"Background" session so that backups and other maintenance can be
performed even when logged out (or because you've logged out).</span><br class="" style="font-family: Menlo-Regular; font-size: 12px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start; text-indent:
0px; text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color:
rgb(255, 255, 255);"></div></blockquote><div class=""><br class=""></div><div class="">Okay,
just as long as you understand the implications.</div></div></div>
</blockquote>
I'm trying. :)<br class="">
<br class="">
<br class="">
<blockquote style="border: 0px none;" cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite" class="">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody">
<div class=""><blockquote class="" type="cite"><div class=""><span class="" style="font-family: Menlo-Regular; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);
float: none; display: inline !important;">I'm surprised that you say
that the home folder might not be available when the Background session
is created. How is that possible? The user agent configuration file
(~/Library/LaunchAgents/com.qrecall.scheduler.plist) is _inside_ the
home folder. How would launchd load an agent service *before* the
configuration file that defines that service is readable?</span><br class="" style="font-family: Menlo-Regular; font-size: 12px; font-style:
normal; font-variant: normal; font-weight: normal; letter-spacing:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);"></div></blockquote><div class=""><br class=""></div><div class="">This gets
complicated. First off, Background agents cannot rely on the presence of
the user's home directory because there is code that executes only in
the GUI login path which may be responsible for making that home
directory available. Think NFS home directories or OG FileVault, which
both require the user to enter her password at the login window to
mount/decrypt the home directory. In either of those scenarios, without
the user's secret, the home directory is inaccessible.</div></div>
</div>
</blockquote>
Honestly, I had always assumed that any
authentication/login/mounting/decrypting would have been handled in
login's Aqua session, not the user's Aqua session. But if that's where
it's happening, I can see some of the chicken-and-egg problems.</div></div></blockquote><div><br class=""></div><div>The login window's session gets morphed into the user's Aqua session. It's a very weird and complex dance.</div><br class=""><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class=""><blockquote style="border: 0px none;" cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite" class=""><div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><div class=""><div class="">For this reason, launchd cannot
actually support loading Background agents from the user's home
directory. This is what you're hitting.</div><div class=""><br class=""></div><div class="">To
give you a little more background on what's happening, launchd has to
use a helper (otherbsd) to sniff out agents from the user's home
directory because it itself cannot actually safely resolve a user's home
directory location. The calls to do this (getpwnam(3) and friends)
might wind up doing IPC to opendirectoryd, which launchd is responsible
for launching, which would create a layering inversion.</div><div class=""><br class=""></div><div class="">So what it does instead is spawn its little otherbsd
helper to go off, find the user's home directory, and snarf the agents
contained therein. But this agent is there specifically to load stuff
into the Aqua session. So when it gives launchd a plist that has its
loads limited to the Background session, launchd says "No you're in the
wrong session", hence that error message.</div></div>
</div>
</blockquote>
Thanks, that makes (a lot more) sense now.<br class="">
<br class="">
OK, one last question: Is it ever the case that the home
directory/mountpoint might disappear *after* a user's Background and
Aqua session is created, say when they log out?<br class=""></div></div></blockquote><div><br class=""></div><div>Yes, network home directories or OG FileVault homes will probably get unmounted after logout.</div><br class=""><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class="">
<blockquote style="border: 0px none;" cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite" class="">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><div class="">Something ugly you could do:</div><div class=""><br class=""></div><div class="">Have another plist inside ~/Library/LaunchAgents that does not
have the LimitLoadToSession key set which runs a script which does</div><div class=""><br class=""></div><div class="">launchctl load -S Background
~/Library/LaunchAgents/com.qrecall.scheduler.plist</div><div class=""><br class=""></div><div class="">That will target the load to the
background session upon the user's GUI login, and the agent will
continue to be available after logout, but it will not be available
until the user logs in at least once on the GUI.</div></div>
</blockquote>
There's a possibility I don't have to get that ugly, but I might look
into implementing something like that ... but only if the answer to the
earlier question is "never."<br class=""></div></div></blockquote><div><br class=""></div><div>Perhaps the best way to answer would be the statement that the only time a home directory guaranteed to be available is when the user is logged in at the GUI console. Once that GUI login session goes away, there is no guarantee of home directory availability.</div><br class=""><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class="">
The principle purpose of my app is backups. If the user's home directory
is going to unmount again when they log out, trying to perform a backup
at that point is pretty useless, so worrying about how to keep the
scheduler running int the background session under those circumstance
would be moot.<br class="">
</div>
</div></blockquote><br class=""></div>In that case, I would say that your agent could potentially listen for a notification for when that user actually logs in. I don't know what that notification is called, but I'm pretty sure it exists. ;)<div class=""><br class=""></div><div class="">At that point, it could start a backup at a low priority QoS. (See the dispatch(3) man pages for explanations of the quality-of-service APIs and how you can run work at a background priority.)<div class="">-damien</div><div class=""><div class=""><br class=""></div></div></div></body></html>