1. 4
  1. 1

    XNU has a load of non-standard extensions to posix_spawn for setting parameters. The problem with the API in general is that it’s designed to be able to be possible to implement in userspace and so is a strict subset of the set of things you can do with vfork. The things I actually want from a process creation API on *NIX are:

    • Set up all of the security credentials (including things like Capsicum mode and other sandboxing).
    • Open some files with the credentials of the new process, but before execve.
    • Set up the file descriptor table with a specific layout.
    • Set up shared memory regions that exist after execve.
    • Don’t inherit any file descriptors that aren’t explicitly passed.

    Unfortunately posix_spawn helps with precisely zero of these.