Launching Network System Extension from LaunchAgent

In another question on this forum (https://developer.apple.com/forums/thread/124775) eskimo stated that launching a system extension from an daemon is not the right approach and that the OSSystemExtensionRequest.activationRequest API should be called from an App.

My question is, does this same restriction apply to a LaunchAgent started App?

If so, to ensure activation as soon as possible is the only option to use a SMLoginItemSetEnabled helper to start the App on login?

Up vote post of muddymurphydog Down vote post of muddymurphydog
949 views
Posted by
muddymurphydog
Reply
Add a Comment

Replies

My question is, does this same restriction apply to a LaunchAgent started App?

Yes, do not activate a System Extension from a daemon, launch agent, command line tool, helper app, or any other mechanism other than the Container App for the extension. Doing so may cause issues and inconsistencies when deactivating and uninstalling.

Also, a Network System Extension on macOS is started when the system starts so you should not need to worry about starting the extension as soon as possible. Last I knew, networking on the system was not allowed until the Network System Extension was started.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Post marked as solved
Add a Comment

Thanks for the clarification, Matt.

If our app is installed or updated without a user login active, ie via MDM like JAMF, how should we ensure the Container App is run on login so that the system extension activation or update (ie .replace) is performed?

I'm trying to use a Helper application installed using SMLoginItemSetEnabled but it's not starting the App. However, will that even work from a MDM install?

Posted by
muddymurphydog
Up vote reply of muddymurphydog Down vote reply of muddymurphydog
Add a Comment

If our app is installed or updated without a user login active, ie via MDM like JAMF, how should we ensure the Container App is run on login so that the system extension activation or update (ie .replace) is performed?

Are you able to run an open command from a post install script on startup to make sure your container app is opened to complete the installation / activation flow?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment

Yes, do not activate a System Extension from a daemon, launch agent, command line tool, helper app, or any other mechanism other than the Container App for the extension. Doing so may cause issues and inconsistencies when deactivating and uninstalling.

Can my launch agent be the Container App for the system extension? Or does it need to be separate?

Posted by
tagnal
Up vote reply of tagnal Down vote reply of tagnal
Add a Comment

Can my launch agent be the Container App for the system extension?

See here for my standard advice on that topic.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment