]> git.saurik.com Git - apple/system_cmds.git/blob - mach_init.tproj/mach_init.8
system_cmds-279.tar.gz
[apple/system_cmds.git] / mach_init.tproj / mach_init.8
1 .\" Copyright (c) 2002, Apple Computer, Inc. All rights reserved.
2 .\"
3 .Dd March 20, 2002
4 .Dt MACH_INIT 8
5 .Os "Mac OS X"
6 .Sh NAME
7 .Nm mach_init
8 .Nd Mach service naming (bootstrap) daemon
9 .Sh SYNOPSIS
10 .Nm mach_init
11 .Op Fl D
12 .Op Fl d
13 .Op Fl F
14 .Op Fl r Ar name-in-existing-server
15 .Sh DESCRIPTION
16 .Nm mach_init
17 is a daemon that maintains various mappings between service names and
18 the Mach ports that provide access to those services. Clients of mach_init
19 can register and lookup services, create new mapping subsets, and
20 associate services with declared servers. The mach_init daemon will
21 also be responsible for launching (and/or re-launching) those service
22 providing servers when attempts to use one or more of the associated services
23 is detected.
24 .Pp
25 The options are as follows:
26 .Bl -tag -width Ds
27 .It Fl D
28 When the
29 .Fl D
30 option is specified,
31 .Nm mach_init
32 starts in normal (non-debug) mode. Logging is minimal (only security-related
33 and process launch failures are logged). Core dumps are disabled for launched
34 servers. This is the default.
35 .It Fl d
36 When the
37 .Fl d
38 option is specified,
39 .Nm mach_init
40 starts in debug mode. Logging is extensive. Core dumps will be taken for any
41 launched servers that crash.
42 .It Fl F
43 When the
44 .Fl F
45 option is specified,
46 .Nm mach_init
47 forks during initialization so that it doesn't have to be put in
48 the background manually by the caller.
49 .It Fl r
50 Using the
51 .Fl r
52 option tells
53 .Nm mach_init
54 to register itself in a previously running copy of
55 .Nm mach_init
56 under the service name
57 .Ar name-in-existing-server.
58 This is most useful when debugging new instances of
59 .Nm mach_init
60 itself, but can also be used for robustness or to allow the subsequent
61 .Nm mach_init
62 processes to run as a non-root user. As mach_init is often used to
63 launch servers, this could be more secure. However,
64 .Nm mach_init
65 will not allow a server declaration to specify a user id different
66 than that of the requesting client (unless the client is running as root).
67 So it shouldn't be required for a secure configuration.
68 .El
69 .Pp
70 Access to
71 .Nm mach_init
72 is provided through the bootstrap series of RPC APIs
73 over service ports published by mach_init itself. Each Mach task has
74 an assigned bootstrap port retrieved via task_get_bootstrap_port().
75 These bootstrap port registrations are inherited across fork().
76 .Pp
77 The service registrations are grouped into subsets, providing a level
78 of security. Only processes with access to the subset's bootstrap port
79 will be able to register/lookup Mach ports within that subset. Lookups
80 from within a subset will search the subset first, then move on to its
81 parent, and then its grand-parent, etc... until a string name match is
82 found or the top of the bootstrap tree is reached. Subsets are sometimes
83 associated with login sessions to protect session-specific ports from being
84 exposed outside the session.
85 .Pp
86 The first instance of
87 .Nm mach_init
88 is responsible for launching the traditional BSD process control initialization
89 daemon (/sbin/init).
90 .Sh SAMPLE USAGE
91 .Pp
92 mach_init -d -r com.company.bootstrap
93 .Pp
94 .Nm mach_init
95 will start in debug mode, and register itself in an already running
96 instance of
97 .Nm mach_init
98 under the service name com.company.bootstrap.
99 .Sh NOTE
100 .Pp
101 Sending a SIGHUP to a running mach_init will toggle debug mode.
102 .Sh SEE ALSO
103 .Xr init 8