On 19 Aug 2016, at 18:30, James Bucanek <subscri...@gloaming.com> wrote:
> My solution is to install the switchboard as a system daemon > (/Library/LaunchDaemons), so it's globally reachable. To tighten security, > the daemon uses the <key>UserName</key> property so the daemon runs as that > particular user, and the service rejects any XPC connections from a process > with an effective UID of an unknown user. Its sounds like you’re well on the way to a solution but I’m curious about the above. In general the `UserName` property for a launchd daemon is for role accounts. Putting a user account there is weird because what user do specify? If there are two users simultaneously logged in (via fast user switching, or truly simultaneously via screen sharing), surely one of them has to miss out. Share and Enjoy -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware _______________________________________________ launchd-dev mailing list launchd-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/launchd-dev
