search

kolide / launcher

Osquery launcher, autoupdater, and packager
https://kolide.com/launcher
Other
506 stars 103 forks source link

Kolide.app shows as "Not Responding" in the macOS activity monitor #1459

Open directionless opened 1 year ago

directionless commented 1 year ago

Screenshot 2023-11-15 at 11 36 55

$ ps -eaf | grep -E '45065|74879'
  501  4443 74879   0  7:12AM ??         0:00.00 <defunct>
    0 15936 45065   0 11:15AM ??         0:00.16 /var/kolide-k2/k2device-preprod.kolide.com/updates/osqueryd/5.10.2/osquery.app/Contents/MacOS/osqueryd --logger_plugin=kolide_grpc --distributed_plugin=kolide_grpc --disable_distributed=false --distributed_interval=5 --pack_delimiter=: --host_identifier=uuid --force=true --utc --config_refresh=300 --config_accelerated_refresh=30 --augeas_lenses=/var/kolide-k2/k2device-preprod.kolide.com/augeas-lenses --pidfile=/var/kolide-k2/k2device-preprod.kolide.com/osquery.pid --database_path=/var/kolide-k2/k2device-preprod.kolide.com/osquery.db --extensions_socket=/var/kolide-k2/k2device-preprod.kolide.com/osquery.sock --extensions_autoload=/var/kolide-k2/k2device-preprod.kolide.com/osquery.autoload --disable_extensions=false --extensions_timeout=20 --config_plugin=kolide_grpc --extensions_require=kolide_grpc
    0 45065     1   0 Sat06PM ??         6:15.83 /usr/local/kolide-k2/Kolide.app/Contents/MacOS/launcher -config /etc/kolide-k2/launcher.flags
    0 74876 45065   0  3:28PM ??         0:00.01 sudo --preserve-env -u seph /var/kolide-k2/k2device-preprod.kolide.com/updates/launcher/1.2.1-11-g8c04686/Kolide.app/Contents/MacOS/launcher desktop
  501 74879 74876   0  3:28PM ??         0:29.26 /var/kolide-k2/k2device-preprod.kolide.com/updates/launcher/1.2.1-11-g8c04686/Kolide.app/Contents/MacOS/launcher desktop
  501 86063 74879   0  9:57PM ??         0:00.00 <defunct>
  501 16689 14984   0 11:38AM ttys029    0:00.00 grep -E 45065|74879

45065 looks like the root launcher, and 74879 is desktop.

I suspect this is because we bring in some UI stuff, but don't actually have a UI run loop. (or maybe just because we bring in some macOS framework that does it for us)

I don't see any problem, but it looks funny

directionless commented 1 year ago

I dug into this on slack a month ago. https://kolide.slack.com/archives/CGFJY1SP2/p1696598666320919

There are links off https://apple.stackexchange.com/questions/424762/is-there-a-way-to-find-processes-that-are-not-responding-using-terminal