MACH_INIT(8) BSD System Manager's Manual MACH_INIT(8)NAMEmach_init — Mach service naming (bootstrap) daemon
SYNOPSISmach_init [-D] [-d] [-F] [-r name-in-existing-server]
DESCRIPTIONmach_init is a daemon that maintains various mappings between service
names and the Mach ports that provide access to those services. Clients
of mach_init can register and lookup services, create new mapping sub‐
sets, and associate services with declared servers. The mach_init daemon
will also be responsible for launching (and/or re-launching) those ser‐
vice providing servers when attempts to use one or more of the associated
services is detected.
The options are as follows:
-D When the -D option is specified, mach_init starts in normal (non-
debug) mode. Logging is minimal (only security-related and
process launch failures are logged). Core dumps are disabled for
launched servers. This is the default.
-d When the -d option is specified, mach_init starts in debug mode.
Logging is extensive. Core dumps will be taken for any launched
servers that crash.
-F When the -F option is specified, mach_init forks during initial‐
ization so that it doesn't have to be put in the background manu‐
ally by the caller.
-r Using the -r option tells mach_init to register itself in a pre‐
viously running copy of mach_init under the service name
name-in-existing-server. This is most useful when debugging new
instances of mach_init itself, but can also be used for robust‐
ness or to allow the subsequent mach_init processes to run as a
non-root user. As mach_init is often used to launch servers,
this could be more secure. However, mach_init will not allow a
server declaration to specify a user id different than that of
the requesting client (unless the client is running as root). So
it shouldn't be required for a secure configuration.
Access to mach_init is provided through the bootstrap series of RPC APIs
over service ports published by mach_init itself. Each Mach task has an
assigned bootstrap port retrieved via task_get_bootstrap_port(). These
bootstrap port registrations are inherited across fork().
The service registrations are grouped into subsets, providing a level of
security. Only processes with access to the subset's bootstrap port will
be able to register/lookup Mach ports within that subset. Lookups from
within a subset will search the subset first, then move on to its parent,
and then its grand-parent, etc... until a string name match is found or
the top of the bootstrap tree is reached. Subsets are sometimes associ‐
ated with login sessions to protect session-specific ports from being
exposed outside the session.
The first instance of mach_init is responsible for launching the tradi‐
tional BSD process control initialization daemon (/sbin/init).
SAMPLE USAGEmach_init-d -r com.company.bootstrap
mach_init will start in debug mode, and register itself in an already
running instance of mach_init under the service name com.company.boot‐
Sending a SIGHUP to a running mach_init will toggle debug mode.
SEE ALSOinit(8)Mac OS X March 20, 2002 Mac OS X