是否可以从以root用户身份运行的进程中运行pluginkit? [英] Is it possible to run pluginkit from a process running as root?
问题描述
我试图从以root用户身份运行的启动守护程序中运行pluginkit(管理OS X上的扩展程序的可执行文件).
I'm trying to run pluginkit (The executable that manages extensions on OS X) from a launch daemon running as root.
/usr/bin/pluginkit -m -i "<identifier>"失败,输出为match: Connection invalid.这并不是非常意外的事情,因为扩展设置是根据每个用户来处理的.
/usr/bin/pluginkit -m -i "<identifier>" fails with an output of match: Connection invalid. This is not terribly unexpected, since extension settings are handled on a per-user basis.
但是,我尝试使用su作为普通用户运行pluginkit,但仍然无法正常工作.
However, I've tried to use su to run pluginkit as a normal user, and it still doesn't work.
su <username> -l -c "/usr/bin/pluginkit -m -i "<identifier>"也失败,输出为match: Connection invalid.
在某种程度上,pluginkit所运行的环境与普通用户仍然存在很大差异,因此无法正常工作.无论如何,以root身份运行pluginkit?还是有其他方法可以以另一个用户身份启动一个流程,而该流程可能会提供更完整的环境?
Somehow the environment that pluginkit is running in is still different enough from a normal user that it doesn't work properly. Is there anyway to run pluginkit as root? Or is there any other way to launch a process as another user that might provide a more complete environment?
我正在使用用Swift编写的命令行工具对此进行测试:
I'm testing this with a command line tool written in Swift:
main.swift
import Foundation
let task = NSTask()
// Option 1: Run pluginkit directly
task.launchPath="/usr/bin/pluginkit"
task.arguments = ["-m", "-i", "com.example.findersyncext"]
// Option 2: Run pluginkit as <username> using 'su'
//task.launchPath="/usr/bin/su"
//task.arguments = ["<username>", "-l", "-c", "/usr/bin/pluginkit -m -i \"com.example.findersyncext\""]
// Option 3: Run pluginkit as <username> using 'sudo'
//task.launchPath="/usr/bin/sudo"
//task.arguments = ["-u", "<username>", "/usr/bin/pluginkit", "-m", "-i", "com.example.findersyncext"]
task.standardOutput = NSPipe()
task.standardError = NSPipe()
task.launch()
task.waitUntilExit()
NSLog("Exit code: \(task.terminationStatus)")
let output = NSString(data: (task.standardOutput!.fileHandleForReading.readDataToEndOfFile()), encoding: NSUTF8StringEncoding)
NSLog("Output: \(output)")
let error = NSString(data: (task.standardError!.fileHandleForReading.readDataToEndOfFile()), encoding: NSUTF8StringEncoding)
NSLog("Error: \(error)")
/Library/LaunchDaemons/com.example.PluginKitTest.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.example.PluginKitTest</string>
<key>Program</key>
<string>/path/to/PluginKitTest</string>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Users/<username>/Desktop/pluginkit-error.log</string>
<key>StandardOutPath</key>
<string>/Users/<username>/Desktop/pluginkit-out.log</string>
</dict>
</plist>
推荐答案
事实证明,还有su命令未设置的其他用户上下文,需要使用命令launchctl asuser进行设置.因此,我能够通过更新命令来调用launchctl asuser和su来更新上下文的所有方面来解决我的问题:
It turns out that there is additional user context that is not set by the su command, that needs to be set by using the command launchctl asuser. So, I was able to solve my problem by updating my command to invoke both launchctl asuser and su to update all aspects of the context:
launchctl asuser $USER_UID su $USER_UID -c "<command>"
根据launchctl asuser的文档:
采用的属性包括Mach引导程序名称空间,异常服务器和安全审核会话.
Adopted attributes include the Mach bootstrap namespace, exception server and security audit session.
我对这些概念还不太熟悉,无法确切地告诉您它们的作用,但是足以使pluginkit正常工作.
I'm not familiar enough with these concepts to tell you exactly what these do, but it was enough to get pluginkit working.
这篇关于是否可以从以root用户身份运行的进程中运行pluginkit?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
