launchDaemon choose shared file location that doesn't require full disk access

App & System Services General
chapo213 OP
Created Sep ’21
Replies 2
Boosts 0
Views 695
Participants 3

I've got an mach-o executable that runs from launchDaemon plist file, and is communicating with other processes using unix domain socket. The file that backs this socket created in /tmp. However, this cause the executable to fail reading the file unless given full disk access.

I'd like to find a location for the socket file, which is shared to all processes and doesn't require full disk access. the executable reside in /Library/Application Support/myProj/bin/exec_file is there such location ? Perhaps can i use the same location of the executable itself ?

Replies  2
Boosts  0
Views  695
Participants  3
bswift OP
Sep ’21

Have you tried creating the file in the directory returned by confstr(_CS_DARWIN_USER_TEMP_DIR...? See man 3 confstr for details. This directory can be shown from command line with getconf DARWIN_USER_TEMP_DIR

0
DTS Engineer OP
Apple
Sep ’21

I'd like to find a location for the socket file, which is shared to all processes and doesn't require full disk access.

The traditional location for these is /var/run. Does that work for you?

I recommend that you use a reverse DNS-style name, perhaps you launchd job label with the .sock extension, to avoid names collisions.

Also, this definitely won’t work for “all processes”. If you need this to work for a sandboxed app, or any child processes it creates, things get much more complex.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
launchDaemon choose shared file location that doesn't require full disk access
First post date Last post date
 
 
Q