XNU has a load of non-standard extensions to posix_spawn for setting parameters. The problem with the API in general is that it’s designed to be able to be possible to implement in userspace and so is a strict subset of the set of things you can do with vfork. The things I actually want from a process creation API on *NIX are:
Set up all of the security credentials (including things like Capsicum mode and other sandboxing).
Open some files with the credentials of the new process, but before execve.
Set up the file descriptor table with a specific layout.
Set up shared memory regions that exist after execve.
Don’t inherit any file descriptors that aren’t explicitly passed.
Unfortunately posix_spawn helps with precisely zero of these.
XNU has a load of non-standard extensions to
posix_spawn
for setting parameters. The problem with the API in general is that it’s designed to be able to be possible to implement in userspace and so is a strict subset of the set of things you can do withvfork
. The things I actually want from a process creation API on *NIX are:execve
.execve
.Unfortunately
posix_spawn
helps with precisely zero of these.