+++ /dev/null
-.\" Copyright (c) 2002, Apple Computer, Inc. All rights reserved.
-.\"
-.Dd March 20, 2002
-.Dt MACH_INIT 8
-.Os "Mac OS X"
-.Sh NAME
-.Nm mach_init
-.Nd Mach service naming (bootstrap) daemon
-.Sh SYNOPSIS
-.Nm mach_init
-.Op Fl D
-.Op Fl d
-.Op Fl F
-.Op Fl r Ar name-in-existing-server
-.Sh DESCRIPTION
-.Nm mach_init
-is a daemon that maintains various mappings between service names and
-the Mach ports that provide access to those services. Clients of mach_init
-can register and lookup services, create new mapping subsets, and
-associate services with declared servers. The mach_init daemon will
-also be responsible for launching (and/or re-launching) those service
-providing servers when attempts to use one or more of the associated services
-is detected.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl D
-When the
-.Fl D
-option is specified,
-.Nm mach_init
-starts in normal (non-debug) mode. Logging is minimal (only security-related
-and process launch failures are logged). Core dumps are disabled for launched
-servers. This is the default.
-.It Fl d
-When the
-.Fl d
-option is specified,
-.Nm mach_init
-starts in debug mode. Logging is extensive. Core dumps will be taken for any
-launched servers that crash.
-.It Fl F
-When the
-.Fl F
-option is specified,
-.Nm mach_init
-forks during initialization so that it doesn't have to be put in
-the background manually by the caller.
-.It Fl r
-Using the
-.Fl r
-option tells
-.Nm mach_init
-to register itself in a previously running copy of
-.Nm mach_init
-under the service name
-.Ar name-in-existing-server.
-This is most useful when debugging new instances of
-.Nm mach_init
-itself, but can also be used for robustness or to allow the subsequent
-.Nm mach_init
-processes to run as a non-root user. As mach_init is often used to
-launch servers, this could be more secure. However,
-.Nm mach_init
-will not allow a server declaration to specify a user id different
-than that of the requesting client (unless the client is running as root).
-So it shouldn't be required for a secure configuration.
-.El
-.Pp
-Access to
-.Nm mach_init
-is provided through the bootstrap series of RPC APIs
-over service ports published by mach_init itself. Each Mach task has
-an assigned bootstrap port retrieved via task_get_bootstrap_port().
-These bootstrap port registrations are inherited across fork().
-.Pp
-The service registrations are grouped into subsets, providing a level
-of security. Only processes with access to the subset's bootstrap port
-will be able to register/lookup Mach ports within that subset. Lookups
-from within a subset will search the subset first, then move on to its
-parent, and then its grand-parent, etc... until a string name match is
-found or the top of the bootstrap tree is reached. Subsets are sometimes
-associated with login sessions to protect session-specific ports from being
-exposed outside the session.
-.Pp
-The first instance of
-.Nm mach_init
-is responsible for launching the traditional BSD process control initialization
-daemon (/sbin/init).
-.Sh SAMPLE USAGE
-.Pp
-mach_init -d -r com.company.bootstrap
-.Pp
-.Nm mach_init
-will start in debug mode, and register itself in an already running
-instance of
-.Nm mach_init
-under the service name com.company.bootstrap.
-.Sh NOTE
-.Pp
-Sending a SIGHUP to a running mach_init will toggle debug mode.
-.Sh SEE ALSO
-.Xr init 8
projects / apple / system_cmds.git / blobdiff