<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Ludovic,<div class=""><br class=""></div><div class="">If possible, I would recommend using XPC for this purpose. Rather than managing the permissions of a socket on-disk, the MachServices names registered by your agent would be in user-specific namespaces such that this collision never happens.</div><div class=""><br class=""></div><div class="">If that is not possible, then I would recommend taking a look at the SecureSocketForKey option. Instead of specifying the path name upfront, launchd will put the socket at a random path and then set that path as the value for an environment variable (which you name in the value for SecureSocketForKey). launchd then assures that all jobs within the same context as your agent get that environment variable so they can rendezvous with your agent. So for example, if your socket dictionary was</div><div class=""><br class=""></div><div class=""><key>Listeners</key></div><div class=""><dict></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span><key>SecureSocketForKey</key></div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span><string>MY_KEY</string></div><div class=""></dict></div><div class=""><br class=""></div><div class="">other processes would be able to just do a getenv("MY_KEY") to get the path to the socket and connect to it. This should achieve the user-based isolation you want with sockets. Though as I said before, XPC is a much more natural mechanism for IPC on OS X, so use that if it's a practical option for you.</div><div class="">-damien</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 25 Feb, 2016, at 05:43, Ludovic Rousseau <<a href="mailto:ludovic.rousseau@gmail.com" class="">ludovic.rousseau@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class=""><div class=""><div class=""><div class="">Hello,<br class=""><br class=""></div>I am using launchd to create a Unix domain socket /tmp/foobar.socket so that launchd starts my agent when someone connects to the sockets.<br class=""><br class=""></div>It works fine except when Fast User Switching is involved.<br class=""><br class=""><div class="">My problem is quite similar to the problem "Listening socket and
fast user switching" [1] discussed on this mailing list in 2008. The difference is that I am using a
UNIX domain socket and not a TCP socket.<br class=""></div><br class=""><br class=""></div>The problematic scenario is as follows:<br class=""></div>1. User A logs in<br class="">2. User A can connect to the socket<br class=""><br class="">3. User B logs in using the Fast User Switching<br class="">4. User B can connect to the socket<br class="">5. User B logs out<br class=""></div><br class=""><div class="">6. User A comes back and fast user switch to his session. Since user A<br class=""> does not _logs in_ again the socket is not changed/recreated and is still<br class=""> only usable by user B<br class=""><br class=""></div><div class="">At this step user A gets:<br class="">$ telnet /tmp/foobar.socket<br class="">Trying /tmp/foobar.socket...<br class="">/tmp/foobar.socket: Connection refused<br clear="all" class=""></div><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><br class=""></div><div class="">The socket is still present in /tmp/ but it belongs to user B and is no more usable but user A.<br class=""><br class=""></div><div class="">What I would like is the ability for launchd to (re)configure the Unix domain socket each time a user authenticates to the console, either the first time or using the fast user switching method.<br class=""><br class=""><br class=""></div><div class="">- I use a UNIX domain socket so that only local processes can talk to the socket and use my agent. I don't want to open my agent to other computer on the network.<br class=""></div><div class="">- I use launchd to start my agent on request only. That is a very nice feature. I can't detect the user switching since my agent code is, most of the time, not running.<br class=""></div><div class="">- I can't use a different socket name per user since the client of my agent does not know who is currently logged. My client application is talking to the socket configured for whoever is logged at that time.<br class=""></div><br class=""><br class=""><div class="">My /Library/LaunchAgents/com.foobar.plist file contains:<br class=""><br class=""><?xml version="1.0" encoding="UTF-8"?><br class=""><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "<a href="http://www.apple.com/DTDs/PropertyList-1.0.dtd" class="">http://www.apple.com/DTDs/PropertyList-1.0.dtd</a>"><br class=""><plist version="1.0"><br class=""><dict><br class=""> <key>Label</key><br class=""> <string>com.foobar</string><br class=""> <key>ProgramArguments</key><br class=""> <array><br class=""> <string>/usr/local/lib/foobar_exe</string><br class=""> </array><br class=""> <key>Sockets</key><br class=""> <dict><br class=""> <key>Listeners</key><br class=""> <dict><br class=""> <key>SockPathName</key><br class=""> <string>/tmp/foobar.socket</string><br class=""> </dict><br class=""> </dict><br class=""> <key>ProcessType</key><br class=""> <string>Interactive</string><br class=""></dict><br class=""></plist><br class=""><br class=""><br class=""></div><div class="">Does launchd provides a solution to my problem?<br class=""></div><div class=""><br class="">Should I open a bug at Apple to ask for this new feature in launchd?<br class=""><br class=""></div><div class="">Thanks<br class=""></div><div class=""><br class=""></div>[1] <a href="https://lists.macosforge.org/pipermail/launchd-dev/2008-May/000298.html" target="_blank" class="">https://lists.macosforge.org/pipermail/launchd-dev/2008-May/000298.html</a><br class=""><div class=""><br class=""></div><div class="">-- <br class=""><div class=""> Dr. Ludovic Rousseau</div>
</div></div></div></div></div></div></div>
_______________________________________________<br class="">launchd-dev mailing list<br class=""><a href="mailto:launchd-dev@lists.macosforge.org" class="">launchd-dev@lists.macosforge.org</a><br class="">https://lists.macosforge.org/mailman/listinfo/launchd-dev<br class=""></div></blockquote></div><br class=""></div></body></html>