[DTrace-devel] [PATCH 1/3] dtprobed: install the daemon, and start as early as possible

Tue Nov 1 21:36:38 UTC 2022

On Tue, Nov 01, 2022 at 09:30:09PM +0000, Nick Alcock via DTrace-devel wrote:
> We'd like to start dtprobed *before* multi-user.target so that the
> majority of daemons (those started after that point, in parallel)
> already find it running and can register any USDT probes they may
> contain.  This takes a bit of fiddling in the unit files for both
> dtprobed.service and dtrace-usdt.target.
> 
> We also need to "systemctl enable" everything at install time, since
> dtprobed et al don't appear in the presets, so start disabled by
> default.  (In the specfile, we not only need to do that but prod udev to
> get the udev rules loaded.  This is peculiar since udev uses filesystem
> notifies to do that itself, but if that's in the packaging standard, so
> be it... we even need to start the thing by hand after installation,
> because the systemd macros rely on dtprobed being named in the presets,
> which it is not.)
> 
> Also turn off RestrictSUIDSGID: it's a good idea but it relies on a
> seccomp filter, which stops us from enabling strict seccomp later on for
> dtprobed's parser child.
> 
> Signed-off-by: Nick Alcock <nick.alcock at oracle.com>

Reviewed-by: Kris Van Hees <kris.van.hees at oracle.com>

> ---
>  dtprobed/Build              |  3 +++
>  dtprobed/dtprobed.service   | 10 +++++++++-
>  dtprobed/dtrace-usdt.target |  7 +++++++
>  dtrace.spec                 | 16 +++++++++++++++-
>  4 files changed, 34 insertions(+), 2 deletions(-)
> 
> diff --git a/dtprobed/Build b/dtprobed/Build
> index b5254417830e..6775267ec77f 100644
> --- a/dtprobed/Build
> +++ b/dtprobed/Build
> @@ -38,4 +38,7 @@ ifdef HAVE_LIBSYSTEMD
>  	install -m 644 $(dtprobed_DIR)dtprobed.service $(INSTSYSTEMDUNITDIR)
>  	$(call describe-install-target,$(INSTSYSTEMDUNITDIR),dtrace-usdt.target)
>  	install -m 644 $(dtprobed_DIR)dtrace-usdt.target $(INSTSYSTEMDUNITDIR)
> +	if [[ -z $RPM_BUILD_ROOT ]]; then \
> +		systemctl enable dtprobed.service dtrace-usdt.target; \
> +	fi
>  endif
> diff --git a/dtprobed/dtprobed.service b/dtprobed/dtprobed.service
> index f5980734eb87..95f0a1d6d606 100644
> --- a/dtprobed/dtprobed.service
> +++ b/dtprobed/dtprobed.service
> @@ -4,6 +4,11 @@
>  [Unit]
>  Description=DTrace USDT probe creation daemon
>  Documentation=man:dtprobed(8)
> +DefaultDependencies=no
> +Requires=sysinit.target
> +Wants=sysinit.target sockets.target paths.target
> +After=sysinit.target sockets.target paths.target
> +Before=basic.target
>  
>  [Service]
>  Type=notify
> @@ -15,4 +20,7 @@ ProtectHome=true
>  PrivateDevices=false
>  PrivateNetwork=true
>  ProtectControlGroups=true
> -RestrictSUIDSGID=true
> +
> +[Install]
> +WantedBy=basic.target
> +Also=dtrace-usdt.target
> diff --git a/dtprobed/dtrace-usdt.target b/dtprobed/dtrace-usdt.target
> index f9d40e225798..faf1f5c6a9bc 100644
> --- a/dtprobed/dtrace-usdt.target
> +++ b/dtprobed/dtrace-usdt.target
> @@ -1,3 +1,6 @@
> +# Licensed under the Universal Permissive License v 1.0 as shown at
> +# http://oss.oracle.com/licenses/upl.
> +
>  [Unit]
>  Description=DTrace USDT operating normally
>  Documentation=man:dtprobed(8)
> @@ -6,3 +9,7 @@ BindsTo=dtprobed.service
>  After=dtprobed.service
>  RefuseManualStart=true
>  RefuseManualStop=true
> +
> +[Install]
> +WantedBy=basic.target
> +Also=dtprobed.service
> diff --git a/dtrace.spec b/dtrace.spec
> index 763b8d84573c..2a2d2f1d2828 100644
> --- a/dtrace.spec
> +++ b/dtrace.spec
> @@ -56,8 +56,9 @@ Name:         dtrace
>  License:      Universal Permissive License (UPL), Version 1.0
>  Group:        Development/Tools
>  Requires:     cpp elfutils-libelf zlib libpcap fuse3 >= 3.2.0
> -BuildRequires: glibc-headers bison flex zlib-devel elfutils-libelf-devel fuse3-devel >= 3.2.0 systemd-devel
> +BuildRequires: glibc-headers bison flex zlib-devel elfutils-libelf-devel fuse3-devel >= 3.2.0 systemd systemd-devel
>  BuildRequires: glibc-static %{glibc32} wireshark libpcap-devel valgrind-devel
> +%{?systemd_requires}
>  BuildRequires: kernel%{variant}-devel = %{build_kernel}
>  %if "%{?dist}" == ".el8"
>  BuildRequires: kernel%{variant}-devel = 5.15.0-0.16.2%{?dist}uek
> @@ -192,6 +193,10 @@ rm -rf $RPM_BUILD_DIR/%{name}-%{version}
>  
>  %post
>  /sbin/ldconfig
> +%udev_rules_update
> +%systemd_post dtprobed.service dtrace-usdt.target
> +systemctl enable dtprobed.service dtrace-usdt.target
> +systemctl start dtprobed.service
>  # if systemtap-dtrace.1.gz doesn't exist then we can move the existing dtrace manpage
>  MANDIR=/usr/share/man/man1
>  if [ -e $MANDIR/dtrace.1.gz -a ! -e $MANDIR/systemtap-dtrace.1.gz ]; then
> @@ -210,12 +215,17 @@ elif [ ! -e $SYSINCDIR/sdt.h ]; then
>      ln -s $SYSINCDIR/sdt-dtrace.h $SYSINCDIR/sdt.h
>  fi
>  
> +%preun
> +%systemd_preun dtprobed.service dtrace-usdt.target
> +
>  %postun
>  /sbin/ldconfig
>  MANDIR=/usr/share/man/man1
>  if [ -h $MANDIR/dtrace.1.gz ]; then
>      rm -f $MANDIR/dtrace.1.gz
>  fi
> +%udev_rules_update
> +%systemd_postun dtprobed.service dtrace-usdt.target
>  
>  %files
>  %defattr(-,root,root,-)
> @@ -223,10 +233,14 @@ fi
>  %exclude %{_libdir}/dtrace/testsuite
>  %{_libdir}/libdtrace.so.*
>  %{_sbindir}/dtrace
> +%{_sbindir}/dtprobed
>  %{_mandir}/man1/orcl-dtrace.1.gz
>  %{_includedir}/sys/sdt-dtrace.h
>  %{_includedir}/sys/sdt_internal.h
>  %doc %{_docdir}/dtrace-%{version}/*
> +%{_unitdir}/dtprobed.service
> +%{_unitdir}/dtrace-usdt.target
> +%{_udevrulesdir}/60-dtprobed.rules
>  
>  %files devel
>  %defattr(-,root,root,-)
> 
> base-commit: 13042087779ebe301c2052b7d37a42e8a97a5bf0
> -- 
> 2.38.0.266.g481848f278
> 
> 
> _______________________________________________
> DTrace-devel mailing list
> DTrace-devel at oss.oracle.com
> https://oss.oracle.com/mailman/listinfo/dtrace-devel