<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000"><br>
<span>
</span><br>
<blockquote style="border: 0px none;"
cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px"> <div
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">
<a moz-do-not-send="true" href="mailto:dsorresso@apple.com"
style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;">Damien Sorresso</a></div> <div
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
right;"> <font color="#9FA2A5"><span style="padding-left:6px">November
5, 2015 at 3:43 PM</span></font></div> </div></div>
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><meta
content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">On 5
Nov, 2015, at 14:23, James Bucanek <<a moz-do-not-send="true"
class="" href="mailto:subscriber@gloaming.com">subscriber@gloaming.com</a>>
wrote:<div><blockquote class="" type="cite"><div class=""><span
class="" style="font-family: Menlo-Regular; font-size: 12px; font-style:
normal; font-variant: normal; font-weight: normal; letter-spacing:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); float: none; display: inline !important;"></span><span class=""
style="font-family: Menlo-Regular; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);
float: none; display: inline !important;">I understand. This is exactly
the session I want. My product has an option ("Start and run actions
when logged out") that allows you install the scheduler agent the
"Background" session so that backups and other maintenance can be
performed even when logged out (or because you've logged out).</span><br
class="" style="font-family: Menlo-Regular; font-size: 12px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start; text-indent:
0px; text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color:
rgb(255, 255, 255);"></div></blockquote><div><br class=""></div><div>Okay,
just as long as you understand the implications.</div></div></div>
</blockquote>
I'm trying. :)<br>
<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody">
<div><blockquote class="" type="cite"><div class=""><span class=""
style="font-family: Menlo-Regular; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);
float: none; display: inline !important;">I'm surprised that you say
that the home folder might not be available when the Background session
is created. How is that possible? The user agent configuration file
(~/Library/LaunchAgents/com.qrecall.scheduler.plist) is _inside_ the
home folder. How would launchd load an agent service *before* the
configuration file that defines that service is readable?</span><br
class="" style="font-family: Menlo-Regular; font-size: 12px; font-style:
normal; font-variant: normal; font-weight: normal; letter-spacing:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);"></div></blockquote><div><br class=""></div><div>This gets
complicated. First off, Background agents cannot rely on the presence of
the user's home directory because there is code that executes only in
the GUI login path which may be responsible for making that home
directory available. Think NFS home directories or OG FileVault, which
both require the user to enter her password at the login window to
mount/decrypt the home directory. In either of those scenarios, without
the user's secret, the home directory is inaccessible.</div></div>
</div>
</blockquote>
Honestly, I had always assumed that any
authentication/login/mounting/decrypting would have been handled in
login's Aqua session, not the user's Aqua session. But if that's where
it's happening, I can see some of the chicken-and-egg problems.<br>
<blockquote style="border: 0px none;"
cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody">
<div><div><br class=""></div><div>For this reason, launchd cannot
actually support loading Background agents from the user's home
directory. This is what you're hitting.</div><div><br class=""></div><div>To
give you a little more background on what's happening, launchd has to
use a helper (otherbsd) to sniff out agents from the user's home
directory because it itself cannot actually safely resolve a user's home
directory location. The calls to do this (getpwnam(3) and friends)
might wind up doing IPC to opendirectoryd, which launchd is responsible
for launching, which would create a layering inversion.</div><div><br
class=""></div><div>So what it does instead is spawn its little otherbsd
helper to go off, find the user's home directory, and snarf the agents
contained therein. But this agent is there specifically to load stuff
into the Aqua session. So when it gives launchd a plist that has its
loads limited to the Background session, launchd says "No you're in the
wrong session", hence that error message.</div></div>
</div>
</blockquote>
Thanks, that makes (a lot more) sense now.<br>
<br>
OK, one last question: Is it ever the case that the home
directory/mountpoint might disappear *after* a user's Background and
Aqua session is created, say when they log out?<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:CF7147A6-7E5F-47D6-91CD-04091E098E69@apple.com" type="cite">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><div
class="">Something ugly you could do:</div><div class=""><br class=""></div><div
class="">Have another plist inside ~/Library/LaunchAgents that does not
have the LimitLoadToSession key set which runs a script which does</div><div
class=""><br class=""></div><div class="">launchctl load -S Background
~/Library/LaunchAgents/com.qrecall.scheduler.plist</div><div class=""><br
class=""></div><div class="">That will target the load to the
background session upon the user's GUI login, and the agent will
continue to be available after logout, but it will not be available
until the user logs in at least once on the GUI.</div></div>
</blockquote>
There's a possibility I don't have to get that ugly, but I might look
into implementing something like that ... but only if the answer to the
earlier question is "never."<br>
<br>
The principle purpose of my app is backups. If the user's home directory
is going to unmount again when they log out, trying to perform a backup
at that point is pretty useless, so worrying about how to keep the
scheduler running int the background session under those circumstance
would be moot.<br>
<br>
James<br>
</body></html>