I'm trying to run pluginkit
(The executable that manages extensions on OS X) from a launch daemon running as root.
/usr/bin/pluginkit -m -i "<identifier>"
fails with an output of match: Connection invalid
. This is not terribly unexpected, since extension settings are handled on a per-user basis.
However, I've tried to use su
to run pluginkit
as a normal user, and it still doesn't work.
su <username> -l -c "/usr/bin/pluginkit -m -i "<identifier>"
also fails with an output of match: Connection invalid
.
Somehow the environment that pluginkit is running in is still different enough from a normal user that it doesn't work properly. Is there anyway to run pluginkit as root? Or is there any other way to launch a process as another user that might provide a more complete environment?
I'm testing this with a command line tool written in Swift:
main.swift
import Foundation
let task = NSTask()
// Option 1: Run pluginkit directly
task.launchPath="/usr/bin/pluginkit"
task.arguments = ["-m", "-i", "com.example.findersyncext"]
// Option 2: Run pluginkit as <username> using 'su'
//task.launchPath="/usr/bin/su"
//task.arguments = ["<username>", "-l", "-c", "/usr/bin/pluginkit -m -i \"com.example.findersyncext\""]
// Option 3: Run pluginkit as <username> using 'sudo'
//task.launchPath="/usr/bin/sudo"
//task.arguments = ["-u", "<username>", "/usr/bin/pluginkit", "-m", "-i", "com.example.findersyncext"]
task.standardOutput = NSPipe()
task.standardError = NSPipe()
task.launch()
task.waitUntilExit()
NSLog("Exit code: \(task.terminationStatus)")
let output = NSString(data: (task.standardOutput!.fileHandleForReading.readDataToEndOfFile()), encoding: NSUTF8StringEncoding)
NSLog("Output: \(output)")
let error = NSString(data: (task.standardError!.fileHandleForReading.readDataToEndOfFile()), encoding: NSUTF8StringEncoding)
NSLog("Error: \(error)")
/Library/LaunchDaemons/com.example.PluginKitTest.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.example.PluginKitTest</string>
<key>Program</key>
<string>/path/to/PluginKitTest</string>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Users/<username>/Desktop/pluginkit-error.log</string>
<key>StandardOutPath</key>
<string>/Users/<username>/Desktop/pluginkit-out.log</string>
</dict>
</plist>
It turns out that there is additional user context that is not set by the
su
command, that needs to be set by using the commandlaunchctl asuser
. So, I was able to solve my problem by updating my command to invoke bothlaunchctl asuser
andsu
to update all aspects of the context:launchctl asuser $USER_UID su $USER_UID -c "<command>"
According to the documentation of
launchctl asuser
:I'm not familiar enough with these concepts to tell you exactly what these do, but it was enough to get
pluginkit
working.