Hi.
I'm trying to write an OS-X daemon which must run privileged. It will be launched from a System-Preferences Panel, using the SMJobBless() API.
Naturally I downloaded the Apple SMJobBless sample code, which seems simple enough - but It doesn't function. The app builds and runs, asks me for credentials (I provide my admin user and password), then it fails to launch the daemon, with a fairly cryptic error:
"2016-01-10 15:57:58.357 SMJobBlessApp[81654:3736339] Something went wrong! CFErrorDomainLaunchd / 4"
I'm new to security/priviliges and I admit I expected Apple's own code-sample to work out of the box... So, I started playing with the Xcode project (and target) code-signing parameters, to no avail. I tried to use my own developer ID and team to sign both the app and the daemon - but the error persists.
Can anyone shed a little light on how to (first step...) get this Code-sample to work?
Now, provided that the sample DID run... I still have several implications.
1. My daemon needs to use (compile and link against, load at runtime) 4 Private frameworks, some of which must (for license requirements) reside on the client hard-drive. I can't install them in /Library/Frameworks or ~/Library/Frameworks - they really need to be private, and I can't have them as static libraries - I receive them from a 3rdParty. So they should be dynamically loaded.
I know SMJobBless() copies my privileged daemon's binary to /Library/PrivilegedHelperTools/ and launchd will run it from there - but how can it then find its frameworks? What should I do with the @runpath and @executablepath settings when building the daemon?
2. I would like my daemon to be packaged as a code-bundle (can't be application-bundle as it has no UI), but if the SMJobBless copies the actual binary out of its bundle - how will it find its bundle resources? Being detached from its bundle structure, how will it correctly read its "user defaults", and configuration files?
Can anyone shed any light on this? Apple documentation is very basic on this front, and as I said --- the code sample doesn't even work.