January 2014 - vilimblog

Obscure VirtualBox Errors

You might get this weird VirtualBox error if, for instance, you’ve tried to start a virtual machine in GUI mode, but haven’t yet logged into the system graphically. This is most important on headless Linux or OS X systems.

$ vboxmanage startvm "Some Virtual Machine" Waiting for VM "Some Virtual Machine" to power on... VBoxManage: error: The VM session was aborted VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component SessionMachine, interface ISession

To get around this make sure you add --type headless to the vboxmanage startvm call, or just use the VBoxHeadless machine starter.

Not Bothering

VirtualBox has a pretty good remote desktop server built in, but securing it can be a pain if you’re actually doing it properly, using Transport Layer Security (TLS) certificates and the like.

I’ve created a script to handle setting these certificates and username/password pairs, based on the VirtualBox manual, but it seems almost overkill to me for my use case.

There’s an easier way to do it if you’re not trying to set up a whole bunch of headless VirtualBox instances for many different people. The trick is to set the authentication type to Null, but only start the Remote Desktop server on localhost:

VBoxManage modifyvm "${VM_NAME}" --vrdeauthtype "null" VBoxManage modifyvm "${VM_NAME}" --vrdeaddress "127.0.0.1" VBoxManage modifyvm "${VM_NAME}" --vrdeport "${VRDE_PORT}"

1

2

3

VBoxManage modifyvm "${VM_NAME}" --vrdeauthtype "null"

VBoxManage modifyvm "${VM_NAME}" --vrdeaddress "127.0.0.1"

VBoxManage modifyvm "${VM_NAME}" --vrdeport "${VRDE_PORT}"

If you’re using the secure-box-rdp.sh script I wrote, this is simplified to:

./secure-vbox-rdp.sh -v virtual-machine-name -N -P remote-desktop-port

You just provide the virtual machine name and port number you’d like to use, and the script does the rest.

Then, all you have to do is set up an SSH tunnel into the virtual machine host, and none of the VMs set up this way are exposed to the outside world. Better still, it’s not clear how hard of a security audit the VirtualBox TLS implementation has gone through, but SSH is the constantly-reviewed bedrock of internet security.

Using plink on windows, it looks something like:

plink -v -ssh -l yourloginname -L 5000:localhost:5000 -C -N some.domain.com

Using ssh, it looks something like:

ssh -fCNq -L 5000:localhost:5000 yourloginname@some.domain.com

Once the tunnel is connected properly, you can just connect to the virtual machines via localhost:VRDE_PORT, and all of the tunneled traffic is automatically encrypted, for the win!

Time-Robbing Python Errors

Ran into a problem while attempting to get Python provisioned automatically in Windows. I could install Python as an administrator, but when I would switch into a Limited User Account and attempt to use pip or virtualenv, I’d get nothing but obscure failure.

The key phrase that kept popping up was:

“WindowsError: [Error 183] Cannot create a file when that file already exists: ‘C:\\Documents and Settings\\Administrator\\.distlib'”

as distlib kept trying to put things into the admin account by default.

C:\provision-windows-master>pip install virtualenv
Traceback (most recent call last):
  File "c:\Python27\Scripts\pip-script.py", line 9, in <module>
    load_entry_point('pip==1.5', 'console_scripts', 'pip')()
  File "build\bdist.win32\egg\pkg_resources.py", line 353, in load_entry_point
  File "build\bdist.win32\egg\pkg_resources.py", line 2302, in load_entry_point
  File "build\bdist.win32\egg\pkg_resources.py", line 2029, in load
  File "C:\Python27\lib\site-packages\pip\__init__.py", line 11, in <module>
    from pip.vcs import git, mercurial, subversion, bazaar  # noqa
  File "C:\Python27\lib\site-packages\pip\vcs\subversion.py", line 4, in <module>
    from pip.index import Link
  File "C:\Python27\lib\site-packages\pip\index.py", line 16, in <module>
    from pip.wheel import Wheel, wheel_ext, wheel_setuptools_support
  File "C:\Python27\lib\site-packages\pip\wheel.py", line 23, in <module>
    from pip._vendor.distlib.scripts import ScriptMaker
  File "C:\Python27\lib\site-packages\pip\_vendor\distlib\scripts.py", line 15, in <module>
    from .resources import finder
  File "C:\Python27\lib\site-packages\pip\_vendor\distlib\resources.py", line 105, in <module>
    cache = Cache()
  File "C:\Python27\lib\site-packages\pip\_vendor\distlib\resources.py", line 40, in __init__
    base = os.path.join(get_cache_base(), 'resource-cache')
  File "C:\Python27\lib\site-packages\pip\_vendor\distlib\util.py", line 602, in get_cache_base
    os.makedirs(result)
  File "C:\Python27\lib\os.py", line 157, in makedirs
    mkdir(name, mode)
WindowsError: [Error 183] Cannot create a file when that file already exists: 'C:\\Documents and Settings\\Strong\\.distlib'

C:\provision-windows-master>pip install virtualenv

Traceback (most recent call last):

File "c:\Python27\Scripts\pip-script.py", line 9, in <module>

load_entry_point('pip==1.5', 'console_scripts', 'pip')()

File "build\bdist.win32\egg\pkg_resources.py", line 353, in load_entry_point

File "build\bdist.win32\egg\pkg_resources.py", line 2302, in load_entry_point

File "build\bdist.win32\egg\pkg_resources.py", line 2029, in load

File "C:\Python27\lib\site-packages\pip\__init__.py", line 11, in <module>

from pip.vcs import git, mercurial, subversion, bazaar # noqa

File "C:\Python27\lib\site-packages\pip\vcs\subversion.py", line 4, in <module>

from pip.index import Link

File "C:\Python27\lib\site-packages\pip\index.py", line 16, in <module>

from pip.wheel import Wheel, wheel_ext, wheel_setuptools_support

File "C:\Python27\lib\site-packages\pip\wheel.py", line 23, in <module>

from pip._vendor.distlib.scripts import ScriptMaker

File "C:\Python27\lib\site-packages\pip\_vendor\distlib\scripts.py", line 15, in <module>

from .resources import finder

File "C:\Python27\lib\site-packages\pip\_vendor\distlib\resources.py", line 105, in <module>

cache = Cache()

File "C:\Python27\lib\site-packages\pip\_vendor\distlib\resources.py", line 40, in __init__

base = os.path.join(get_cache_base(), 'resource-cache')

File "C:\Python27\lib\site-packages\pip\_vendor\distlib\util.py", line 602, in get_cache_base

os.makedirs(result)

File "C:\Python27\lib\os.py", line 157, in makedirs

mkdir(name, mode)

WindowsError: [Error 183] Cannot create a file when that file already exists: 'C:\\Documents and Settings\\Strong\\.distlib'

To make sense of the error, I had to dig into the closest code to the WindowsError that was thrown, which looked like this:

def get_cache_base(suffix=None):
    """
    Return the default base location for distlib caches. If the directory does
    not exist, it is created. Use the suffix provided for the base directory,
    and default to '.distlib' if it isn't provided.

    On Windows, if LOCALAPPDATA is defined in the environment, then it is
    assumed to be a directory, and will be the parent directory of the result.
    On POSIX, and on Windows if LOCALAPPDATA is not defined, the user's home
    directory - using os.expanduser('~') - will be the parent directory of
    the result.

    The result is just the directory '.distlib' in the parent directory as
    determined above, or with the name specified with ``suffix``.
    """
    if suffix is None:
        suffix = '.distlib'
    if os.name == 'nt' and 'LOCALAPPDATA' in os.environ:
        result = os.path.expandvars('$localappdata')
    else:
        # Assume posix, or old Windows
        result = os.path.expanduser('~')
    result = os.path.join(result, suffix)
    # we use 'isdir' instead of 'exists', because we want to
    # fail if there's a file with that name
    if not os.path.isdir(result):
        os.makedirs(result)
    return result

def get_cache_base(suffix=None):

"""

Return the default base location for distlib caches. If the directory does

not exist, it is created. Use the suffix provided for the base directory,

and default to '.distlib' if it isn't provided.

On Windows, if LOCALAPPDATA is defined in the environment, then it is

assumed to be a directory, and will be the parent directory of the result.

On POSIX, and on Windows if LOCALAPPDATA is not defined, the user's home

directory - using os.expanduser('~') - will be the parent directory of

the result.

The result is just the directory '.distlib' in the parent directory as

determined above, or with the name specified with ``suffix``.

"""

if suffix is None:

suffix = '.distlib'

if os.name == 'nt' and 'LOCALAPPDATA' in os.environ:

result = os.path.expandvars('$localappdata')

else:

# Assume posix, or old Windows

result = os.path.expanduser('~')

result = os.path.join(result, suffix)

# we use 'isdir' instead of 'exists', because we want to

# fail if there's a file with that name

if not os.path.isdir(result):

os.makedirs(result)

return result

Lo and behold, setting the LOCALAPPDATA environment variable to some writeable folder to which the Limited user has acccess will fix the issue. But it strikes me as a place where the os.path.expandvars() call should probably check the APPDATA environment variable too.

And, for whatever odd reason, it seems like the os.path.expanduser() call uses the user credentials associated with the Python executable or something, because at no point as I’m running this code as a Limited User, do I specify that I want the code to act like it is an Administrator. It’s a bit odd.

C:\Documents and Settings\Limited\Desktop>set
APPDATA=C:\Documents and Settings\Limited\Application Data

C:\Documents and Settings\Limited\Desktop>set LOCALAPPDATA=%APPDATA%

C:\Documents and Settings\Limited\Desktop>virtualenv venv
New python executable in venv\Scripts\python.exe
Installing setuptools, pip...done.

C:\Documents and Settings\Limited\Desktop>set

APPDATA=C:\Documents and Settings\Limited\Application Data

C:\Documents and Settings\Limited\Desktop>set LOCALAPPDATA=%APPDATA%

C:\Documents and Settings\Limited\Desktop>virtualenv venv

New python executable in venv\Scripts\python.exe

Installing setuptools, pip...done.

In any case, it works, but the solution is less than obvious.

Provisioning OS X and Disabling Unnecessary Services

I’ve been messing with system provisioning quite a bit lately. i.e. How can I repeatably and consistently configure a system to a known state?

I’ve posted a script to Github that performs provisioning to free up as much RAM as possible on an OS X server system.

OS X is a hairy operating system though, since Apple provides little to no detail about the system services they enable on a freshly-installed machine. This is annoying.

Here are some techniques I use to determine which services can be disabled, and what subsystems they relate to.

First of all, you can get a sense of all of the services run at launch time by running launchctl list:

$ launchctl list
PID         Status      Label
1874        -           0x7fbbebe2ec80.anonymous.diskimages-help
409         -           0x7fbbebe06c30.anonymous.installd
363         -           [0x0-0x16016].com.apple.AppleSpell
191         -           0x7fbbebe2e9d0.anonymous.com.apple.dock.
84          -           0x7fbbebf00910.anonymous.WindowServer
-           0           org.openbsd.ssh-agent
-           0           com.apple.ZoomWindow
198         -           com.apple.wifi.WiFiKeychainProxy
-           0           com.apple.WebKit.PluginAgent
-           0           com.apple.warmd_agent
-           0           com.apple.VoiceOver
-           0           com.apple.UserNotificationCenterAgent
181         -           com.apple.usernoted
151         -           com.apple.UserEventAgent-Aqua
-           0           com.apple.USBAgent
-           0           com.apple.unmountassistant.useragent
-           0           com.apple.universalaccessd
-           0           com.apple.universalaccesscontrol
-           0           com.apple.universalaccessAuthWarn
176         -           com.apple.ubd
-           0           com.apple.TMHelperAgent.SetupOffer
-           0           com.apple.TMHelperAgent
-           0           com.apple.tiswitcher
-           0           com.apple.talagent
163         -           com.apple.SystemUIServer.agent
-           0           com.apple.systemprofiler
-           0           com.apple.syncservices.uihandler
-           0           com.apple.syncservices.SyncServer
-           0           com.apple.SubmitDiagInfo
233         -           com.apple.storeagent
-           0           com.apple.storehelper
-           0           com.apple.spindump_agent
-           0           com.apple.speech.synthesisserver
-           0           com.apple.speech.speechdatainstallerd
-           0           com.apple.speech.recognitionserver
-           0           com.apple.speech.feedbackservicesserver
-           0           com.apple.softwareupdate_notify_agent
199         -           com.apple.SocialPushAgent
193         -           com.apple.soagent
172         -           com.apple.sharingd
-           0           com.apple.ServiceManagement.LoginItems
-           0           com.apple.security.keychain-circle-notification
556         -           com.apple.security.DiskUnmountWatcher
-           0           com.apple.security.agentStub
-           0           com.apple.scrod
-           0           com.apple.screensharing.MessagesAgent
-           0           com.apple.screensharing.agent
-           0           com.apple.ScreenReaderUIServer
-           0           com.apple.scopedbookmarksagent.xpc
-           0           com.apple.SafariNotificationAgent
-           0           com.apple.safaridavclient
-           0           com.apple.ReportPanic
-           0           com.apple.ReportGPURestart
-           0           com.apple.ReportCrash.Self
-           0           com.apple.ReportCrash
-           0           com.apple.RemoteDesktop.agent
-           0           com.apple.reclaimspace
-           0           com.apple.recentsd
-           0           com.apple.rcd
-           0           com.apple.quicklook.ui.helper
-           0           com.apple.quicklook
-           0           com.apple.quicklook.config
-           0           com.apple.quicklook.32bit
-           0           com.apple.PubSub.Agent
-           0           com.apple.printuitool.agent
-           0           com.apple.printtool.agent
-           0           com.apple.pictd
-           0           com.apple.PCIESlotCheck
258         -           com.apple.pbs
169         -           com.apple.pboard
-           0           com.apple.parentalcontrols.check
-           0           com.apple.PackageKit.InstallStatus
-           0           com.apple.nsnetworkd
-           0           com.apple.NetworkDiagnostics
-           0           com.apple.netauth.user.gui
-           0           com.apple.midiserver
-           0           com.apple.metadata.mdwrite
-           0           com.apple.mdmclient.cloudconfig.agent
-           0           com.apple.mdmclient.agent
-           0           com.apple.maspushagent
-           0           com.apple.Maps.mapspushd
-           0           com.apple.ManagedClient.agent
-           0           com.apple.lookupd
-           0           com.apple.locationmenu
174         -           com.apple.librariand
202         -           com.apple.LaunchServices.lsboxd
1255        -           com.apple.lateragent
-           0           com.apple.java.updateSharing
-           0           com.apple.java.InstallOnDemandAgent
-           0           com.apple.isst
-           0           com.apple.installd.user
-           0           com.apple.IMLoggingAgent
-           0           com.apple.imklaunchagent
196         -           com.apple.imagent
204         -           com.apple.identityservicesd
-           0           com.apple.icloud.AOSNotificationAgent
-           0           com.apple.icbaccountsd
205         -           com.apple.helpd
-           0           com.apple.FTCleanup
-           0           com.apple.FontWorker
-           0           com.apple.ATS.FontValidatorConduit
-           0           com.apple.ATS.FontValidator
-           0           com.apple.FontRegistryUIAgent
173         -           com.apple.fontd
-           0           com.apple.findmymacmessenger
165         -           com.apple.Finder
-           0           com.apple.FilesystemUI
-           0           com.apple.FileStatsAgent
-           0           com.apple.familycontrols.useragent
2003        -           com.apple.EscrowSecurityAlert
-           0           com.apple.dt.CommandLineTools.installondemand
162         -           com.apple.Dock.agent
-           0           com.apple.DiskArbitrationAgent
-           0           com.apple.DiagnosticReportCleanUpAgent
-           0           com.apple.csuseragent
-           0           com.apple.coreservices.uiagent
207         -           com.apple.coreservices.appleid.authentication
-           0           com.apple.CoreRAIDAgent
-           0           com.apple.CoreLocationAgent
-           0           com.apple.coredata.externalrecordswriter
-           0           com.apple.cookied
-           0           com.apple.ContainerRepairAgent
-           0           com.apple.cmfsyncagent
-           0           com.apple.cfnetwork.cfnetworkagent
-           0           com.apple.cfnetwork.AuthBrokerAgent
-           0           com.apple.btsa
-           0           com.apple.bookstoreagent
-           0           com.apple.bluetoothUIServer
-           0           com.apple.BezelUIServer
-           0           com.apple.avrcpAgent
-           0           com.apple.AssistiveControl
-           0           com.apple.assistantd
-           0           com.apple.assistant_service
-           0           com.apple.apsctl
-           0           com.apple.appstoreupdateagent
-           0           com.apple.appsleep
-           0           com.apple.AOSPushRelay
-           0           com.apple.aos.migrate
-           0           com.apple.alf.useragent
-           0           com.apple.AirPortBaseStationAgent
-           0           com.apple.AddressBook.SourceSync
-           0           com.apple.AddressBook.AssistantService
-           0           com.apple.AddressBook.abd
211         -           com.apple.accountsd
56          -           0x7fbbebc04070.anonymous.loginwindow
-           0           com.apple.launchctl.Aqua
3808        -           0x7fbbebe2c910.anonymous.launchctl
3798        -           0x7fbbebc08ce0.anonymous.bash
3797        -           0x7fbbebc08a40.anonymous.sshd
3077        -           0x7fbbebc08790.anonymous.launchproxy
3786        -           0x7fbbebc05150.anonymous.sshd
28          -           0x7fbbebe06700.anonymous.authd
18          -           0x7fbbebc084e0.anonymous.diskarbitration
365         -           0x7fbbebc06e50.anonymous.com.apple.Input
197         -           0x7fbbebc05460.anonymous.IMDPersistenceA
182         -           0x7fbbebe2d3e0.anonymous.com.apple.IconS
95          -           0x7fbbebe2d110.anonymous.CVMServer
84          -           0x7fbbebc04810.anonymous.WindowServer
30          -           0x7fbbebe2cbd0.anonymous.coreservicesd
56          -           0x7fbbebd0a1b0.anonymous.loginwindow
-           0           com.apple.xmigrationhelper.user
-           0           com.apple.TrustEvaluationAgent
190         -           com.apple.tccd
-           0           com.apple.syncdefaultsd
-           0           com.apple.speech.speechsynthesisd
218         -           com.apple.security.cloudkeychainproxy3
216         -           com.apple.secd
-           0           com.apple.sbd
-           0           com.apple.pluginkit.pkd
-           0           com.apple.netauth.user.auth
-           0           com.apple.metadata.mdflagwriter
-           0           com.apple.mdworker.sizing
-           0           com.apple.mdworker.single
-           0           com.apple.mdworker.shared
-           0           com.apple.mdworker.mail
-           0           com.apple.mdworker.lsb
-           0           com.apple.mdworker.isolation
-           0           com.apple.mdworker.bundles
-           0           com.apple.mdworker.32bit
-           0           com.apple.mbpluginhost.user
-           0           com.apple.mbloginhelper.user
-           0           com.apple.KerberosHelper.LKDCHelper
-           0           com.apple.FileSyncAgent.PHD
152         -           com.apple.distnoted.xpc.agent
-           0           com.apple.cvmsCompAgentLegacy_x86_64_1
-           0           com.apple.cvmsCompAgentLegacy_x86_64
-           0           com.apple.cvmsCompAgentLegacy_i386_1
-           0           com.apple.cvmsCompAgentLegacy_i386
-           0           com.apple.cvmsCompAgent_x86_64_1
-           0           com.apple.cvmsCompAgent_x86_64
-           0           com.apple.cvmsCompAgent_i386_1
-           0           com.apple.cvmsCompAgent_i386
155         -           com.apple.cfprefsd.xpc.agent
-           0           com.apple.launchctl.Background

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

$ launchctl list

PID Status Label

1874 - 0x7fbbebe2ec80.anonymous.diskimages-help

409 - 0x7fbbebe06c30.anonymous.installd

363 - [0x0-0x16016].com.apple.AppleSpell

191 - 0x7fbbebe2e9d0.anonymous.com.apple.dock.

84 - 0x7fbbebf00910.anonymous.WindowServer

- 0 org.openbsd.ssh-agent

- 0 com.apple.ZoomWindow

198 - com.apple.wifi.WiFiKeychainProxy

- 0 com.apple.WebKit.PluginAgent

- 0 com.apple.warmd_agent

- 0 com.apple.VoiceOver

- 0 com.apple.UserNotificationCenterAgent

181 - com.apple.usernoted

151 - com.apple.UserEventAgent-Aqua

- 0 com.apple.USBAgent

- 0 com.apple.unmountassistant.useragent

- 0 com.apple.universalaccessd

- 0 com.apple.universalaccesscontrol

- 0 com.apple.universalaccessAuthWarn

176 - com.apple.ubd

- 0 com.apple.TMHelperAgent.SetupOffer

- 0 com.apple.TMHelperAgent

- 0 com.apple.tiswitcher

- 0 com.apple.talagent

163 - com.apple.SystemUIServer.agent

- 0 com.apple.systemprofiler

- 0 com.apple.syncservices.uihandler

- 0 com.apple.syncservices.SyncServer

- 0 com.apple.SubmitDiagInfo

233 - com.apple.storeagent

- 0 com.apple.storehelper

- 0 com.apple.spindump_agent

- 0 com.apple.speech.synthesisserver

- 0 com.apple.speech.speechdatainstallerd

- 0 com.apple.speech.recognitionserver

- 0 com.apple.speech.feedbackservicesserver

- 0 com.apple.softwareupdate_notify_agent

199 - com.apple.SocialPushAgent

193 - com.apple.soagent

172 - com.apple.sharingd

- 0 com.apple.ServiceManagement.LoginItems

- 0 com.apple.security.keychain-circle-notification

556 - com.apple.security.DiskUnmountWatcher

- 0 com.apple.security.agentStub

- 0 com.apple.scrod

- 0 com.apple.screensharing.MessagesAgent

- 0 com.apple.screensharing.agent

- 0 com.apple.ScreenReaderUIServer

- 0 com.apple.scopedbookmarksagent.xpc

- 0 com.apple.SafariNotificationAgent

- 0 com.apple.safaridavclient

- 0 com.apple.ReportPanic

- 0 com.apple.ReportGPURestart

- 0 com.apple.ReportCrash.Self

- 0 com.apple.ReportCrash

- 0 com.apple.RemoteDesktop.agent

- 0 com.apple.reclaimspace

- 0 com.apple.recentsd

- 0 com.apple.rcd

- 0 com.apple.quicklook.ui.helper

- 0 com.apple.quicklook

- 0 com.apple.quicklook.config

- 0 com.apple.quicklook.32bit

- 0 com.apple.PubSub.Agent

- 0 com.apple.printuitool.agent

- 0 com.apple.printtool.agent

- 0 com.apple.pictd

- 0 com.apple.PCIESlotCheck

258 - com.apple.pbs

169 - com.apple.pboard

- 0 com.apple.parentalcontrols.check

- 0 com.apple.PackageKit.InstallStatus

- 0 com.apple.nsnetworkd

- 0 com.apple.NetworkDiagnostics

- 0 com.apple.netauth.user.gui

- 0 com.apple.midiserver

- 0 com.apple.metadata.mdwrite

- 0 com.apple.mdmclient.cloudconfig.agent

- 0 com.apple.mdmclient.agent

- 0 com.apple.maspushagent

- 0 com.apple.Maps.mapspushd

- 0 com.apple.ManagedClient.agent

- 0 com.apple.lookupd

- 0 com.apple.locationmenu

174 - com.apple.librariand

202 - com.apple.LaunchServices.lsboxd

1255 - com.apple.lateragent

- 0 com.apple.java.updateSharing

- 0 com.apple.java.InstallOnDemandAgent

- 0 com.apple.isst

- 0 com.apple.installd.user

- 0 com.apple.IMLoggingAgent

- 0 com.apple.imklaunchagent

196 - com.apple.imagent

204 - com.apple.identityservicesd

- 0 com.apple.icloud.AOSNotificationAgent

- 0 com.apple.icbaccountsd

205 - com.apple.helpd

- 0 com.apple.FTCleanup

- 0 com.apple.FontWorker

- 0 com.apple.ATS.FontValidatorConduit

- 0 com.apple.ATS.FontValidator

- 0 com.apple.FontRegistryUIAgent

173 - com.apple.fontd

- 0 com.apple.findmymacmessenger

165 - com.apple.Finder

- 0 com.apple.FilesystemUI

- 0 com.apple.FileStatsAgent

- 0 com.apple.familycontrols.useragent

2003 - com.apple.EscrowSecurityAlert

- 0 com.apple.dt.CommandLineTools.installondemand

162 - com.apple.Dock.agent

- 0 com.apple.DiskArbitrationAgent

- 0 com.apple.DiagnosticReportCleanUpAgent

- 0 com.apple.csuseragent

- 0 com.apple.coreservices.uiagent

207 - com.apple.coreservices.appleid.authentication

- 0 com.apple.CoreRAIDAgent

- 0 com.apple.CoreLocationAgent

- 0 com.apple.coredata.externalrecordswriter

- 0 com.apple.cookied

- 0 com.apple.ContainerRepairAgent

- 0 com.apple.cmfsyncagent

- 0 com.apple.cfnetwork.cfnetworkagent

- 0 com.apple.cfnetwork.AuthBrokerAgent

- 0 com.apple.btsa

- 0 com.apple.bookstoreagent

- 0 com.apple.bluetoothUIServer

- 0 com.apple.BezelUIServer

- 0 com.apple.avrcpAgent

- 0 com.apple.AssistiveControl

- 0 com.apple.assistantd

- 0 com.apple.assistant_service

- 0 com.apple.apsctl

- 0 com.apple.appstoreupdateagent

- 0 com.apple.appsleep

- 0 com.apple.AOSPushRelay

- 0 com.apple.aos.migrate

- 0 com.apple.alf.useragent

- 0 com.apple.AirPortBaseStationAgent

- 0 com.apple.AddressBook.SourceSync

- 0 com.apple.AddressBook.AssistantService

- 0 com.apple.AddressBook.abd

211 - com.apple.accountsd

56 - 0x7fbbebc04070.anonymous.loginwindow

- 0 com.apple.launchctl.Aqua

3808 - 0x7fbbebe2c910.anonymous.launchctl

3798 - 0x7fbbebc08ce0.anonymous.bash

3797 - 0x7fbbebc08a40.anonymous.sshd

3077 - 0x7fbbebc08790.anonymous.launchproxy

3786 - 0x7fbbebc05150.anonymous.sshd

28 - 0x7fbbebe06700.anonymous.authd

18 - 0x7fbbebc084e0.anonymous.diskarbitration

365 - 0x7fbbebc06e50.anonymous.com.apple.Input

197 - 0x7fbbebc05460.anonymous.IMDPersistenceA

182 - 0x7fbbebe2d3e0.anonymous.com.apple.IconS

95 - 0x7fbbebe2d110.anonymous.CVMServer

84 - 0x7fbbebc04810.anonymous.WindowServer

30 - 0x7fbbebe2cbd0.anonymous.coreservicesd

56 - 0x7fbbebd0a1b0.anonymous.loginwindow

- 0 com.apple.xmigrationhelper.user

- 0 com.apple.TrustEvaluationAgent

190 - com.apple.tccd

- 0 com.apple.syncdefaultsd

- 0 com.apple.speech.speechsynthesisd

218 - com.apple.security.cloudkeychainproxy3

216 - com.apple.secd

- 0 com.apple.sbd

- 0 com.apple.pluginkit.pkd

- 0 com.apple.netauth.user.auth

- 0 com.apple.metadata.mdflagwriter

- 0 com.apple.mdworker.sizing

- 0 com.apple.mdworker.single

- 0 com.apple.mdworker.shared

- 0 com.apple.mdworker.mail

- 0 com.apple.mdworker.lsb

- 0 com.apple.mdworker.isolation

- 0 com.apple.mdworker.bundles

- 0 com.apple.mdworker.32bit

- 0 com.apple.mbpluginhost.user

- 0 com.apple.mbloginhelper.user

- 0 com.apple.KerberosHelper.LKDCHelper

- 0 com.apple.FileSyncAgent.PHD

152 - com.apple.distnoted.xpc.agent

- 0 com.apple.cvmsCompAgentLegacy_x86_64_1

- 0 com.apple.cvmsCompAgentLegacy_x86_64

- 0 com.apple.cvmsCompAgentLegacy_i386_1

- 0 com.apple.cvmsCompAgentLegacy_i386

- 0 com.apple.cvmsCompAgent_x86_64_1

- 0 com.apple.cvmsCompAgent_x86_64

- 0 com.apple.cvmsCompAgent_i386_1

- 0 com.apple.cvmsCompAgent_i386

155 - com.apple.cfprefsd.xpc.agent

- 0 com.apple.launchctl.Background

I’ve already disabled a number of services using the Github script, but maybe there are more to be disabled in the launchctl list.

For example: soagent, what is it and what does it do?

The find out, read the com.apple.soagent.plist file in /System/Library/LaunchAgents.

$ defaults read /System/Library/LaunchAgents/com.apple.soagent.plist
{
    EnvironmentVariables =     {
        NSRunningFromLaunchd = 1;
    };
    KeepAlive =     {
        SuccessfulExit = 0;
    };
    Label = "com.apple.soagent";
    LaunchEvents =     {
        ichat =         {
            bundleid = "com.apple.ichat";
            events =             (
                didDeliverNotification,
                didActivateNotification,
                didDismissAlert,
                didSnoozeAlert,
                didRemoveDeliveredNotifications,
                didExpireNotifications
            );
        };
    };
    MachServices =     {
        "com.apple.soagent" =         {
            ResetAtClose = 1;
        };
    };
    POSIXSpawnType = Adaptive;
    ProgramArguments =     (
        "/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent"
    );
    RunAtLoad = 1;
}

$ defaults read /System/Library/LaunchAgents/com.apple.soagent.plist

{

EnvironmentVariables = {

NSRunningFromLaunchd = 1;

};

KeepAlive = {

SuccessfulExit = 0;

};

Label = "com.apple.soagent";

LaunchEvents = {

ichat = {

bundleid = "com.apple.ichat";

events = (

didDeliverNotification,

didActivateNotification,

didDismissAlert,

didSnoozeAlert,

didRemoveDeliveredNotifications,

didExpireNotifications

);

};

MachServices = {

"com.apple.soagent" = {

ResetAtClose = 1;

};

POSIXSpawnType = Adaptive;

ProgramArguments = (

"/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent"

);

RunAtLoad = 1;

}

The launchd.plist manpage explains some of these settings.

The process has something to do with iChat. Since I don’t care whether iChat is running on my provisioned machine, I can try disabling this process:

launchctl -w /System/Library/LaunchAgents/com.apple.soagent.plist

If the system is stable with soagent disabled, then everything’s fine. Same thing goes for the CalendarAgent, the SocialPushAgent, and sharingd.

Another example: What is tccd?

$ cat /System/Library/LaunchAgents/com.apple.tccd.plist 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.apple.tccd</string>
	<key>Program</key>
	<string>/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd</string>
	<key>MachServices</key>
	<dict>
		<key>com.apple.tccd</key>
		<true/>
	</dict>
	<key>LimitLoadToSessionType</key>
	<string>Background</string>
	<key>POSIXSpawnType</key>
	<string>Adaptive</string>
</dict>
</plist>

$ cat /System/Library/LaunchAgents/com.apple.tccd.plist

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>Label</key>

<string>com.apple.tccd</string>

<key>Program</key>

<string>/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd</string>

<key>MachServices</key>

<dict>

<key>com.apple.tccd</key>

<true/>

</dict>

<key>LimitLoadToSessionType</key>

<string>Background</string>

<key>POSIXSpawnType</key>

<string>Adaptive</string>

</dict>

</plist>

$ ls /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/
Info.plist                   de.lproj/                    fr.lproj/                    it.lproj/                    ko.lproj/                    pt.lproj/                    sv.lproj/                    version.plist
ar.lproj/                    el.lproj/                    he.lproj/                    ja.lproj/                    ms.lproj/                    pt_PT.lproj/                 tccd                         vi.lproj/
ca.lproj/                    en.lproj/                    hr.lproj/                    kTCCServiceAddressBook.tiff  nl.lproj/                    ro.lproj/                    th.lproj/                    zh_CN.lproj/
cs.lproj/                    es.lproj/                    hu.lproj/                    kTCCServiceCalendar.tiff     no.lproj/                    ru.lproj/                    tr.lproj/                    zh_TW.lproj/
da.lproj/                    fi.lproj/                    id.lproj/                    kTCCServiceReminders.tiff    pl.lproj/                    sk.lproj/                    uk.lproj/

$ ls /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/

Info.plist de.lproj/ fr.lproj/ it.lproj/ ko.lproj/ pt.lproj/ sv.lproj/ version.plist

ar.lproj/ el.lproj/ he.lproj/ ja.lproj/ ms.lproj/ pt_PT.lproj/ tccd vi.lproj/

ca.lproj/ en.lproj/ hr.lproj/ kTCCServiceAddressBook.tiff nl.lproj/ ro.lproj/ th.lproj/ zh_CN.lproj/

cs.lproj/ es.lproj/ hu.lproj/ kTCCServiceCalendar.tiff no.lproj/ ru.lproj/ tr.lproj/ zh_TW.lproj/

da.lproj/ fi.lproj/ id.lproj/ kTCCServiceReminders.tiff pl.lproj/ sk.lproj/ uk.lproj/

$ plutil -convert xml1 -o - /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/en.lproj/Localizable.strings 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>REQUEST_ACCESS_ALLOW</key>
	<string>OK</string>
	<key>REQUEST_ACCESS_DENY</key>
	<string>Don’t Allow</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceAddressBook</key>
	<string>“%@” would like to access your contacts.</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceCalendar</key>
	<string>“%@” would like to access your calendar.</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceLocation</key>
	<string>“%@” would like to use your current location.</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceReminders</key>
	<string>“%@” would like to access your reminders.</string>
</dict>
</plist>

$ plutil -convert xml1 -o - /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/en.lproj/Localizable.strings

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>REQUEST_ACCESS_ALLOW</key>

<key>REQUEST_ACCESS_DENY</key>

<string>Don’t Allow</string>

<key>REQUEST_ACCESS_SERVICE_kTCCServiceAddressBook</key>

<string>“%@” would like to access your contacts.</string>

<key>REQUEST_ACCESS_SERVICE_kTCCServiceCalendar</key>

<string>“%@” would like to access your calendar.</string>

<key>REQUEST_ACCESS_SERVICE_kTCCServiceLocation</key>

<string>“%@” would like to use your current location.</string>

<key>REQUEST_ACCESS_SERVICE_kTCCServiceReminders</key>

<string>“%@” would like to access your reminders.</string>

</dict>

</plist>

So tccd appears to be the little popup that appears when application wants to dig into your more personal information. If the provisioned machine is being used as a server w/no logged in UI user, this can also be disabled.

The same pattern of analysis, reading plist files, and looking into the application bundles themselves if necessary, can be applied to all of the launched services.