]> git.saurik.com Git - apple/launchd.git/blame_incremental - launchd/src/launchd.plist.5
launchd-329.3.tar.gz
[apple/launchd.git] / launchd / src / launchd.plist.5
... / ...
CommitLineData
1.Dd 1 May, 2009
2.Dt launchd.plist 5
3.Os Darwin
4.Sh NAME
5.Nm launchd.plist
6.Nd System wide and per-user daemon/agent configuration files
7.Sh DESCRIPTION
8This document details the parameters that can be given to an XML property list that can be loaded into
9.Nm launchd
10with
11.Nm launchctl .
12.Sh EXPECTATIONS
13Daemons or agents managed by
14.Nm launchd
15are expected to behave certain ways.
16.Pp
17A daemon or agent launched by
18.Nm launchd
19MUST NOT do the following in the process directly launched by
20.Nm launchd :
21.Pp
22.Bl -bullet -offset indent -compact
23.It
24Call
25.Xr daemon 3 .
26.It
27Do the moral equivalent of
28.Xr daemon 3
29by calling
30.Xr fork 2
31and have the parent process
32.Xr exit 3
33or
34.Xr _exit 2 .
35.El
36.Pp
37A daemon or agent launched by
38.Nm launchd
39SHOULD NOT do the following as a part of their startup initialization:
40.Pp
41.Bl -bullet -offset indent -compact
42.It
43Setup the user ID or group ID.
44.It
45Setup the working directory.
46.It
47.Xr chroot 2
48.It
49.Xr setsid 2
50.It
51Close "stray" file descriptors.
52.It
53Change
54.Xr stdio 3
55to /dev/null.
56.It
57Setup resource limits with
58.Xr setrusage 2 .
59.It
60Setup priority with
61.Xr setpriority 2 .
62.It
63Ignore the SIGTERM signal.
64.El
65.Pp
66A daemon or agent launched by
67.Nm launchd
68SHOULD:
69.Pp
70.Bl -bullet -offset indent -compact
71.It
72Launch on demand given criteria specified in the XML property list.
73More information can be found later in this man page.
74.It
75Catch the SIGTERM signal.
76.El
77.Sh XML PROPERTY LIST KEYS
78The following keys can be used to describe the configuration details of your daemon or agent.
79Property lists are Apple's standard configuration file format. Please see
80.Xr plist 5
81for more information. Please note: property list files are expected to have their name end in ".plist".
82Also please note that it is the expected convention for launchd property list files to be named <Label>.plist.
83Thus, if your job label is "com.apple.sshd", your plist file should be named "com.apple.sshd.plist".
84.Pp
85.Bl -ohang
86.It Sy Label <string>
87This required key uniquely identifies the job to
88.Nm launchd .
89.It Sy Disabled <boolean>
90This optional key is used as a hint to
91.Xr launchctl 1
92that it should not submit this job to
93.Nm launchd
94when loading a job or jobs. The value of this key does NOT reflect the current state of the job on the running system. If you wish to know whether a job is loaded in launchd, reading this key from a configuration file yourself is not a
95sufficient test. You should query
96.Nm launchd
97for the presence of the job using the
98.Xr launchctl 1
99.Ar list
100subcommand or use the ServiceManagement framework's SMJobCopyDictionary() method.
101.Pp
102Note that as of Mac OS X v10.6, this key's value in a configuration
103file conveys a default value, which is changed with the
104.Op Ar -w
105option of the
106.Xr launchctl 1
107.Ar load
108and
109.Ar unload
110subcommands. These subcommands no longer modify the configuration file, so the value displayed in the configuration file is not necessarily the value that
111.Xr launchctl 1
112will apply. See
113.Xr launchctl 1
114for more information.
115.Pp
116Please also be mindful that you should only use this key if the provided
117on-demand and KeepAlive criteria are insufficient to describe the conditions under which your job needs to run. The cost
118to have a job loaded in
119.Nm launchd
120is negligible, so there is no harm in loading a job which only runs once or very rarely.
121.It Sy UserName <string>
122This optional key specifies the user to run the job as. This key is only applicable when launchd is running as root.
123.It Sy GroupName <string>
124This optional key specifies the group to run the job as. This key is only applicable when launchd is running as root. If UserName is set and GroupName is not, the the group will be set to the default group of the user.
125.It Sy inetdCompatibility <dictionary>
126The presence of this key specifies that the daemon expects to be run as if it were launched from inetd.
127.Bl -ohang -offset indent
128.It Sy Wait <boolean>
129This flag corresponds to the "wait" or "nowait" option of inetd. If true, then the listening socket is passed via the standard in/out/error file descriptors. If false, then
130.Xr accept 2
131is called on behalf of the job, and the result is passed via the standard in/out/error descriptors.
132.El
133.It Sy LimitLoadToHosts <array of strings>
134This configuration file only applies to the hosts listed with this key. Note: One should set kern.hostname in
135.Xr sysctl.conf 5
136for this feature to work reliably.
137.It Sy LimitLoadFromHosts <array of strings>
138This configuration file only applies to hosts NOT listed with this key. Note: One should set kern.hostname in
139.Xr sysctl.conf 5
140for this feature to work reliably.
141.It Sy LimitLoadToSessionType <string>
142This configuration file only applies to sessions of the type specified. This key is used
143in concert with the -S flag to
144.Nm launchctl .
145.It Sy Program <string>
146This key maps to the first argument of
147.Xr execvp 3 .
148If this key is missing, then the first element of the array of strings provided to the ProgramArguments will be used instead.
149This key is required in the absence of the ProgramArguments key.
150.It Sy ProgramArguments <array of strings>
151This key maps to the second argument of
152.Xr execvp 3 .
153This key is required in the absence of the Program key. Please note: many people are confused by this key. Please read
154.Xr execvp 3
155very carefully!
156.It Sy EnableGlobbing <boolean>
157This flag causes
158.Nm launchd
159to use the
160.Xr glob 3
161mechanism to update the program arguments before invocation.
162.It Sy EnableTransactions <boolean>
163This flag instructs
164.Nm launchd
165that the job promises to use
166.Xr vproc_transaction_begin 3
167and
168.Xr vproc_transaction_end 3
169to track outstanding transactions that need to be reconciled before the process can safely terminate. If no outstanding transactions are in progress, then
170.Nm launchd
171is free to send the SIGKILL signal.
172.It Sy OnDemand <boolean>
173This key was used in Mac OS X 10.4 to control whether a job was kept alive or not. The default was true.
174This key has been deprecated and replaced in Mac OS X 10.5 and later with the more powerful KeepAlive option.
175.It Sy KeepAlive <boolean or dictionary of stuff>
176This optional key is used to control whether your job is to be kept
177continuously running or to let demand and conditions control the invocation. The
178default is false and therefore only demand will start the job. The value may be
179set to true to unconditionally keep the job alive. Alternatively, a dictionary
180of conditions may be specified to selectively control whether
181.Nm launchd
182keeps a job alive or not. If multiple keys are provided, launchd ORs them, thus
183providing maximum flexibility to the job to refine the logic and stall if necessary. If
184.Nm launchd
185finds no reason to restart the job, it falls back on demand based invocation.
186Jobs that exit quickly and frequently when configured to be kept alive will be
187throttled to converve system resources.
188.Bl -ohang -offset indent
189.It Sy SuccessfulExit <boolean>
190If true, the job will be restarted as long as the program exits and with an exit
191status of zero. If false, the job will be restarted in the inverse condition.
192This key implies that "RunAtLoad" is set to true, since the job needs to run at
193least once before we can get an exit status.
194.It Sy NetworkState <boolean>
195If true, the job will be kept alive as long as the network is up, where up is
196defined as at least one non-loopback interface being up and having IPv4 or IPv6
197addresses assigned to them.
198If false, the job will be kept alive in the inverse condition.
199.It Sy PathState <dictionary of booleans>
200Each key in this dictionary is a file-system path. If the value of the key is
201true, then the job will be kept alive as long as the path exists.
202If false, the job will be kept alive in the inverse condition. The intent of this
203feature is that two or more jobs may create semaphores in the file-system namespace.
204.It Sy OtherJobEnabled <dictionary of booleans>
205Each key in this dictionary is the label of another job. If the value of the key is
206true, then this job is kept alive as long as that other job is enabled. Otherwise,
207if the value is false, then this job is kept alive as long as the other job is disabled.
208This feature should not be considered a substitute for the use of IPC.
209.El
210.It Sy RunAtLoad <boolean>
211This optional key is used to control whether your job is launched once at the time the job is loaded. The default is false.
212.It Sy RootDirectory <string>
213This optional key is used to specify a directory to
214.Xr chroot 2
215to before running the job.
216.It Sy WorkingDirectory <string>
217This optional key is used to specify a directory to
218.Xr chdir 2
219to before running the job.
220.It Sy EnvironmentVariables <dictionary of strings>
221This optional key is used to specify additional environmental variables to be set before running the job.
222.It Sy Umask <integer>
223This optional key specifies what value should be passed to
224.Xr umask 2
225before running the job. Known bug: Property lists don't support octal, so please convert the value to decimal.
226.It Sy TimeOut <integer>
227The recommended idle time out (in seconds) to pass to the job. If no value is specified, a default time out will be supplied by
228.Nm launchd
229for use by the job at check in time.
230.It Sy ExitTimeOut <integer>
231The amount of time
232.Nm launchd
233waits before sending a SIGKILL signal. The default value is 20 seconds. The value zero is interpreted as infinity.
234.It Sy ThrottleInterval <integer>
235This key lets one override the default throttling policy imposed on jobs by
236.Nm launchd .
237The value is in seconds, and by default, jobs will not be spawned more than once every 10 seconds.
238The principle behind this is that jobs should linger around just in case they are needed again in the near future. This not only
239reduces the latency of responses, but it encourages developers to amortize the cost of program invocation.
240.It Sy InitGroups <boolean>
241This optional key specifies whether
242.Xr initgroups 3
243should be called before running the job.
244The default is true in 10.5 and false in 10.4. This key will be ignored if the UserName key is not set.
245.It Sy WatchPaths <array of strings>
246This optional key causes the job to be started if any one of the listed paths are modified.
247.It Sy QueueDirectories <array of strings>
248Much like the WatchPaths option, this key will watch the paths for modifications. The difference being that the job will only be started if the path is a directory and the directory is not empty.
249.It Sy StartOnMount <boolean>
250This optional key causes the job to be started every time a filesystem is mounted.
251.It Sy StartInterval <integer>
252This optional key causes the job to be started every N seconds.
253If the system is asleep, the job will be started the next time the computer
254wakes up. If multiple intervals transpire before the computer is woken, those
255events will be coalesced into one event upon wake from sleep.
256.It Sy StartCalendarInterval <dictionary of integers or array of dictionary of integers>
257This optional key causes the job to be started every calendar interval as specified. Missing arguments are considered to be wildcard. The semantics are much like
258.Xr crontab 5 .
259Unlike cron which skips job invocations when the computer is asleep, launchd
260will start the job the next time the computer wakes up. If multiple intervals
261transpire before the computer is woken, those events will be coalesced into one
262event upon wake from sleep.
263.Bl -ohang -offset indent
264.It Sy Minute <integer>
265The minute on which this job will be run.
266.It Sy Hour <integer>
267The hour on which this job will be run.
268.It Sy Day <integer>
269The day on which this job will be run.
270.It Sy Weekday <integer>
271The weekday on which this job will be run (0 and 7 are Sunday).
272.It Sy Month <integer>
273The month on which this job will be run.
274.El
275.It Sy StandardInPath <string>
276This optional key specifies what file should be used for data being supplied to stdin when using
277.Xr stdio 3 .
278.It Sy StandardOutPath <string>
279This optional key specifies what file should be used for data being sent to stdout when using
280.Xr stdio 3 .
281.It Sy StandardErrorPath <string>
282This optional key specifies what file should be used for data being sent to stderr when using
283.Xr stdio 3 .
284.It Sy Debug <boolean>
285This optional key specifies that
286.Nm launchd
287should adjust its log mask temporarily to LOG_DEBUG while dealing with this job.
288.It Sy WaitForDebugger <boolean>
289This optional key specifies that
290.Nm launchd
291should instruct the kernel to have the job wait for a debugger to attach before any code in the job is executed.
292.It Sy SoftResourceLimits <dictionary of integers>
293.It Sy HardResourceLimits <dictionary of integers>
294Resource limits to be imposed on the job. These adjust variables set with
295.Xr setrlimit 2 .
296The following keys apply:
297.Bl -ohang -offset indent
298.It Sy Core <integer>
299The largest size (in bytes) core file that may be created.
300.It Sy CPU <integer>
301The maximum amount of cpu time (in seconds) to be used by each process.
302.It Sy Data <integer>
303The maximum size (in bytes) of the data segment for a process; this defines how far a program may extend its break with the
304.Xr sbrk 2
305system call.
306.It Sy FileSize <integer>
307The largest size (in bytes) file that may be created.
308.It Sy MemoryLock <integer>
309The maximum size (in bytes) which a process may lock into memory using the
310.Xr mlock 2
311function.
312.It Sy NumberOfFiles <integer>
313The maximum number of open files for this process.
314Setting this value in a system wide daemon will set the
315.Xr sysctl 3
316kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits) value in addition to the
317.Xr setrlimit 2
318values.
319.It Sy NumberOfProcesses <integer>
320The maximum number of simultaneous processes for this user id.
321Setting this value in a system wide daemon will set the
322.Xr sysctl 3
323kern.maxproc (SoftResourceLimits) or kern.maxprocperuid (HardResourceLimits)
324value in addition to the
325.Xr setrlimit 2
326values.
327.It Sy ResidentSetSize <integer>
328The maximum size (in bytes) to which a process's resident set size may grow.
329This imposes a limit on the amount of physical memory to be given to a process;
330if memory is tight, the system will prefer to take memory from processes that
331are exceeding their declared resident set size.
332.It Sy Stack <integer>
333The maximum size (in bytes) of the stack segment for a process; this defines
334how far a program's stack segment may be extended. Stack extension is
335performed automatically by the system.
336.El
337.It Sy Nice <integer>
338This optional key specifies what
339.Xr nice 3
340value should be applied to the daemon.
341.It Sy AbandonProcessGroup <boolean>
342When a job dies,
343.Nm launchd
344kills any remaining processes with the same process group ID as the job.
345Setting this key to true disables that behavior.
346.It Sy HopefullyExitsFirst <boolean>
347This optional key causes programs to exit earlier during system shutdown.
348This key exists because some jobs do more than flush buffers and exit like
349they're supposed to. The use of this key should be considered a
350temporary solution until the software can be changed to only flush dirty buffers
351and then exit.
352.It Sy HopefullyExitsLast <boolean>
353This optional key causes programs to exit later during system shutdown. This
354key exists because some jobs don't reference count their clients, and therefore
355do not know when it is safe to exit. The use of this key should be considered a
356temporary solution until the software can be changed to properly reference
357count clients.
358.It Sy LowPriorityIO <boolean>
359This optional key specifies whether the kernel should consider this daemon to be low priority when doing file system I/O.
360.It Sy LaunchOnlyOnce <boolean>
361This optional key specifies whether the job can only be run once and only once.
362In other words, if the job cannot be safely respawned without a full machine
363reboot, then set this key to be true.
364.It Sy MachServices <dictionary of booleans or a dictionary of dictionaries>
365This optional key is used to specify Mach services to be registered with the
366Mach bootstrap sub-system. Each key in this dictionary should be the name of
367service to be advertised. The value of the key must be a boolean and set to true.
368Alternatively, a dictionary can be used instead of a simple true value.
369.Bl -ohang -offset indent
370.It Sy ResetAtClose <boolean>
371If this boolean is false, the port is recycled, thus leaving clients to remain oblivious
372to the demand nature of job. If the value is set to true, clients receive port
373death notifications when the job lets go of the receive right. The port will be
374recreated atomically with respect to bootstrap_look_up() calls, so that clients
375can trust that after receiving a port death notification, the new port will
376have already been recreated. Setting the value to true should be done with
377care. Not all clients may be able to handle this behavior. The default value is false.
378.It Sy HideUntilCheckIn <boolean>
379Reserve the name in the namespace, but cause bootstrap_look_up() to fail until the job has checked in with
380.Nm launchd .
381.El
382.Pp
383Finally, for the job itself, the values will be replaced with Mach ports at the time of check-in with
384.Nm launchd .
385.It Sy Sockets <dictionary of dictionaries... OR dictionary of array of dictionaries...>
386This optional key is used to specify launch on demand sockets that can be used to let
387.Nm launchd
388know when to run the job. The job must check-in to get a copy of the file descriptors using APIs outlined in
389.Xr launch 3 .
390The keys of the top level Sockets dictionary can be anything. They are meant for the application developer to use to
391differentiate which descriptors correspond to which application level protocols (e.g. http vs. ftp vs. DNS...).
392At check-in time, the value of each Sockets dictionary key will be an array of descriptors. Daemon/Agent writers should
393consider all descriptors of a given key to be to be effectively equivalent, even though each file descriptor likely represents
394a different networking protocol which conforms to the criteria specified in the job configuration file.
395.Pp
396The parameters below are used as inputs to call
397.Xr getaddrinfo 3 .
398.Bl -ohang -offset indent
399.It Sy SockType <string>
400This optional key tells
401.Nm launchctl
402what type of socket to create. The default is "stream" and other valid values for this key
403are "dgram" and "seqpacket" respectively.
404.It Sy SockPassive <boolean>
405This optional key specifies whether
406.Xr listen 2
407or
408.Xr connect 2
409should be called on the created file descriptor. The default is true ("to listen").
410.It Sy SockNodeName <string>
411This optional key specifies the node to
412.Xr connect 2
413or
414.Xr bind 2
415to.
416.It Sy SockServiceName <string>
417This optional key specifies the service on the node to
418.Xr connect 2
419or
420.Xr bind 2
421to.
422.It Sy SockFamily <string>
423This optional key can be used to specifically request that "IPv4" or "IPv6" socket(s) be created.
424.It Sy SockProtocol <string>
425This optional key specifies the protocol to be passed to
426.Xr socket 2 .
427The only value understood by this key at the moment is "TCP".
428.It Sy SockPathName <string>
429This optional key implies SockFamily is set to "Unix". It specifies the path to
430.Xr connect 2
431or
432.Xr bind 2
433to.
434.It Sy SecureSocketWithKey <string>
435This optional key is a variant of SockPathName. Instead of binding to a known
436path, a securely generated socket is created and the path is assigned to the
437environment variable that is inherited by all jobs spawned by launchd.
438.It Sy SockPathMode <integer>
439This optional key specifies the mode of the socket. Known bug: Property lists
440don't support octal, so please convert the value to decimal.
441.It Sy Bonjour <boolean or string or array of strings>
442This optional key can be used to request that the service be registered with the
443.Xr mDNSResponder 8 .
444If the value is boolean, the service name is inferred from the SockServiceName.
445.It Sy MulticastGroup <string>
446This optional key can be used to request that the datagram socket join a multicast group.
447If the value is a hostname, then
448.Xr getaddrinfo 3
449will be used to join the correct multicast address for a given socket family.
450If an explicit IPv4 or IPv6 address is given, it is required that the
451SockFamily family also be set, otherwise the results are undefined.
452.El
453.El
454.Pp
455.Sh DEPENDENCIES
456Unlike many bootstrapping daemons, launchd has no explicit dependency model.
457Interdependencies are expected to be solved through the use of IPC.
458It is therefore in the best interest of a job developer who expects dependents
459to define all of the sockets in the configuration file. This has the added
460benefit of making it possible to start the job based on demand instead of
461immediately.
462.Sh EXAMPLE XML PROPERTY LISTS
463.Pp
464The following XML Property List simply keeps "exampled" running continuously:
465.Pp
466.Dl <?xml version="1.0" encoding="UTF-8"?>
467.Dl <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
468.Dl <plist version="1.0">
469.Dl <dict>
470.Dl <key>Label</key>
471.Dl <string>com.example.exampled</string>
472.Dl <key>ProgramArguments</key>
473.Dl <array>
474.Dl <string>exampled</string>
475.Dl </array>
476.Dl <key>KeepAlive</key>
477.Dl <true/>
478.Dl </dict>
479.Dl </plist>
480.Pp
481.Sh FILES
482.Bl -tag -width "/System/Library/LaunchDaemons" -compact
483.It Pa ~/Library/LaunchAgents
484Per-user agents provided by the user.
485.It Pa /Library/LaunchAgents
486Per-user agents provided by the administrator.
487.It Pa /Library/LaunchDaemons
488System-wide daemons provided by the administrator.
489.It Pa /System/Library/LaunchAgents
490Per-user agents provided by Mac OS X.
491.It Pa /System/Library/LaunchDaemons
492System-wide daemons provided by Mac OS X.
493.El
494.Sh SEE ALSO
495.Xr launchctl 1 ,
496.Xr sysctl 3 ,
497.Xr launchd 8 ,
498.Xr plist 5