[DTrace-devel] [PATCH 1/3] dtprobed: install the daemon, and start as early as possible

Nick Alcock nick.alcock at oracle.com
Tue Nov 1 21:30:09 UTC 2022 

We'd like to start dtprobed *before* multi-user.target so that the
majority of daemons (those started after that point, in parallel)
already find it running and can register any USDT probes they may
contain.  This takes a bit of fiddling in the unit files for both
dtprobed.service and dtrace-usdt.target.

We also need to "systemctl enable" everything at install time, since
dtprobed et al don't appear in the presets, so start disabled by
default.  (In the specfile, we not only need to do that but prod udev to
get the udev rules loaded.  This is peculiar since udev uses filesystem
notifies to do that itself, but if that's in the packaging standard, so
be it... we even need to start the thing by hand after installation,
because the systemd macros rely on dtprobed being named in the presets,
which it is not.)

Also turn off RestrictSUIDSGID: it's a good idea but it relies on a
seccomp filter, which stops us from enabling strict seccomp later on for
dtprobed's parser child.

Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
 dtprobed/Build              |  3 +++
 dtprobed/dtprobed.service   | 10 +++++++++-
 dtprobed/dtrace-usdt.target |  7 +++++++
 dtrace.spec                 | 16 +++++++++++++++-
 4 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/dtprobed/Build b/dtprobed/Build
index b5254417830e..6775267ec77f 100644
--- a/dtprobed/Build
+++ b/dtprobed/Build
@@ -38,4 +38,7 @@ ifdef HAVE_LIBSYSTEMD
 	install -m 644 $(dtprobed_DIR)dtprobed.service $(INSTSYSTEMDUNITDIR)
 	$(call describe-install-target,$(INSTSYSTEMDUNITDIR),dtrace-usdt.target)
 	install -m 644 $(dtprobed_DIR)dtrace-usdt.target $(INSTSYSTEMDUNITDIR)
+	if [[ -z $RPM_BUILD_ROOT ]]; then \
+		systemctl enable dtprobed.service dtrace-usdt.target; \
+	fi
 endif
diff --git a/dtprobed/dtprobed.service b/dtprobed/dtprobed.service
index f5980734eb87..95f0a1d6d606 100644
--- a/dtprobed/dtprobed.service
+++ b/dtprobed/dtprobed.service
@@ -4,6 +4,11 @@
 [Unit]
 Description=DTrace USDT probe creation daemon
 Documentation=man:dtprobed(8)
+DefaultDependencies=no
+Requires=sysinit.target
+Wants=sysinit.target sockets.target paths.target
+After=sysinit.target sockets.target paths.target
+Before=basic.target
 
 [Service]
 Type=notify
@@ -15,4 +20,7 @@ ProtectHome=true
 PrivateDevices=false
 PrivateNetwork=true
 ProtectControlGroups=true
-RestrictSUIDSGID=true
+
+[Install]
+WantedBy=basic.target
+Also=dtrace-usdt.target
diff --git a/dtprobed/dtrace-usdt.target b/dtprobed/dtrace-usdt.target
index f9d40e225798..faf1f5c6a9bc 100644
--- a/dtprobed/dtrace-usdt.target
+++ b/dtprobed/dtrace-usdt.target
@@ -1,3 +1,6 @@
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# http://oss.oracle.com/licenses/upl.
+
 [Unit]
 Description=DTrace USDT operating normally
 Documentation=man:dtprobed(8)
@@ -6,3 +9,7 @@ BindsTo=dtprobed.service
 After=dtprobed.service
 RefuseManualStart=true
 RefuseManualStop=true
+
+[Install]
+WantedBy=basic.target
+Also=dtprobed.service
diff --git a/dtrace.spec b/dtrace.spec
index 763b8d84573c..2a2d2f1d2828 100644
--- a/dtrace.spec
+++ b/dtrace.spec
@@ -56,8 +56,9 @@ Name:         dtrace
 License:      Universal Permissive License (UPL), Version 1.0
 Group:        Development/Tools
 Requires:     cpp elfutils-libelf zlib libpcap fuse3 >= 3.2.0
-BuildRequires: glibc-headers bison flex zlib-devel elfutils-libelf-devel fuse3-devel >= 3.2.0 systemd-devel
+BuildRequires: glibc-headers bison flex zlib-devel elfutils-libelf-devel fuse3-devel >= 3.2.0 systemd systemd-devel
 BuildRequires: glibc-static %{glibc32} wireshark libpcap-devel valgrind-devel
+%{?systemd_requires}
 BuildRequires: kernel%{variant}-devel = %{build_kernel}
 %if "%{?dist}" == ".el8"
 BuildRequires: kernel%{variant}-devel = 5.15.0-0.16.2%{?dist}uek
@@ -192,6 +193,10 @@ rm -rf $RPM_BUILD_DIR/%{name}-%{version}
 
 %post
 /sbin/ldconfig
+%udev_rules_update
+%systemd_post dtprobed.service dtrace-usdt.target
+systemctl enable dtprobed.service dtrace-usdt.target
+systemctl start dtprobed.service
 # if systemtap-dtrace.1.gz doesn't exist then we can move the existing dtrace manpage
 MANDIR=/usr/share/man/man1
 if [ -e $MANDIR/dtrace.1.gz -a ! -e $MANDIR/systemtap-dtrace.1.gz ]; then
@@ -210,12 +215,17 @@ elif [ ! -e $SYSINCDIR/sdt.h ]; then
     ln -s $SYSINCDIR/sdt-dtrace.h $SYSINCDIR/sdt.h
 fi
 
+%preun
+%systemd_preun dtprobed.service dtrace-usdt.target
+
 %postun
 /sbin/ldconfig
 MANDIR=/usr/share/man/man1
 if [ -h $MANDIR/dtrace.1.gz ]; then
     rm -f $MANDIR/dtrace.1.gz
 fi
+%udev_rules_update
+%systemd_postun dtprobed.service dtrace-usdt.target
 
 %files
 %defattr(-,root,root,-)
@@ -223,10 +233,14 @@ fi
 %exclude %{_libdir}/dtrace/testsuite
 %{_libdir}/libdtrace.so.*
 %{_sbindir}/dtrace
+%{_sbindir}/dtprobed
 %{_mandir}/man1/orcl-dtrace.1.gz
 %{_includedir}/sys/sdt-dtrace.h
 %{_includedir}/sys/sdt_internal.h
 %doc %{_docdir}/dtrace-%{version}/*
+%{_unitdir}/dtprobed.service
+%{_unitdir}/dtrace-usdt.target
+%{_udevrulesdir}/60-dtprobed.rules
 
 %files devel
 %defattr(-,root,root,-)

base-commit: 13042087779ebe301c2052b7d37a42e8a97a5bf0
-- 
2.38.0.266.g481848f278

More information about the DTrace-devel mailing list