I'm attempting to root-cause analyze issues I've been having with launch daemons controlled by launchd.
My product has a single privileged LaunchDaemon running in the system domain (supposed to at least). I was looking at a client's machine that, for some reason, was running the daemon process both in the system domain and the gui/<uid> domain for the logged in user. When I would kill both processes on the client machine, both of them would start right back up in their respective domains. The associated plist for this daemon process only exists in /Library/LaunchDaemons.
My question is, how can this be possible that launchd would spin up multiple privileged daemons, but one of them running in the gui/<uid> domain? How can this be prevented from happening?
Some context/details:
- It was observed on the client's machine that the daemon service was previously disabled. The service was manually re-enabled using:
launchctl enable system/<nameOfDaemon>
sudo launchctl enable system/<nameOfDaemon>
- The daemon was reloaded by using:
sudo launchctl load /Library/LaunchDaemons/<plist of daemon process>