[DTrace-devel] [PATCH] libproc: make Psystem_daemon() detect modern systemd properly

Nick Alcock nick.alcock at oracle.com
Fri Jun 13 16:46:37 UTC 2025 

Psystem_daemon() is used when carrying out shortlived grabs to detect
whether a process is too risky to carry out invasive grabs of (you wouldn't
usually want to stop syslogd or, God forbid, try to ptrace PID 1, unless
explicitly requested via -p: the process just coming up in routine probe
firing is not enough).

This has two code paths: a reliable one for systemd systems (which checks to
see if the process is in the system slice, which contains precisely and only
system daemons), and an unreliable one for other systems (which does the old
Unix approach of consdering anything in the user uid range or with a TTY or
with open standard FDs to TTYs to be not system daemons, and everything else
to possibly be one).

We were checking to see if a system was systemd by looking for the systemd
cgroup hierarchy name in any of the victim process's cgroups.  This was
reliable back in the days of cgroups v1, but alas in v2 where systemd runs
all the cgroups if it runs any and there are no longer multiple hierarchies,
systemd no longer names its cgroups this way and the test fails, causing us
to fall back to the unreliable pre-systemd approach.

Use a more reliable approach to detect systemd, the same approach used by
sd_booted() in libsystemd; check for the existence of the
/run/systemd/system directory.  Fix slice detection to work in the absence
of a systemd hierarchy name, and everything else works unchanged.

Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
 libproc/Pcontrol.c | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/libproc/Pcontrol.c b/libproc/Pcontrol.c
index 7d9b5055f8201..02da472553d99 100644
--- a/libproc/Pcontrol.c
+++ b/libproc/Pcontrol.c
@@ -2927,10 +2927,24 @@ Psystem_daemon(pid_t pid, uid_t useruid, const char *sysslice)
 	int fd;
 
 	/*
-	 * If this is a system running systemd, or we don't know yet, dig out
-	 * the systemd cgroup line from /proc/$pid/cgroup.
+	 * If we don't know if this systemd is running systemd, find out.
 	 */
-	if (systemd_system != 0) {
+	if (systemd_system < 0) {
+		struct stat st;
+
+		if (stat("/run/systemd/system", &st) < 0 ||
+		    !S_ISDIR(st.st_mode))
+			systemd_system = 0;
+		else
+			systemd_system = 1;
+		_dprintf("systemd system.\n");
+	}
+
+	/*
+	 * If this is a system running systemd, dig out the systemd cgroup line
+	 * from /proc/$pid/cgroup.
+	 */
+	if (systemd_system) {
 		snprintf(procname, sizeof(procname), "%s/%d/cgroup",
 		    procfs_path, pid);
 
@@ -2941,20 +2955,19 @@ Psystem_daemon(pid_t pid, uid_t useruid, const char *sysslice)
 		}
 
 		while (getline(&buf, &n, fp) >= 0) {
-			if (strstr(buf, ":name=systemd:") != NULL) {
-				systemd_system = 1;
+			if (strstr(buf, ".slice/") != NULL) {
 				break;
 			}
 		}
 		fclose(fp);
 		if (systemd_system < 0)
 			systemd_system = 0;
-	}
 
-	/*
-	 * We have the systemd cgroup line in buf.  Look at our slice name.
-	 */
-	if (systemd_system) {
+		/*
+		 * We have our slice's cgroup line in buf.  Extract the slice
+		 * name, skipping over the hierarchy number and controller
+		 * fields.
+		 */
 		char *colon = strchr(buf, ':');
 		if (colon)
 			colon = strchr(colon + 1, ':');

base-commit: aa63660a7cfcdeb1daf4fb63f1c15f75a1693064
prerequisite-patch-id: fb67028e06b7f26c5cab857477a44609f50a1706
prerequisite-patch-id: f663cbb68f1b30be83e8327ff098fff812ba85e6
prerequisite-patch-id: 7f3cf0adb87fb636276334b0002338ec656f86f7
prerequisite-patch-id: f4716e3bf14ed8233d49d2f7f07bda796f2f2ba7
prerequisite-patch-id: 66c5402691e142580c92584b2eaa4e793146b1a1
prerequisite-patch-id: f96954068cbbaca32084ca999daa825d6668ddd4
prerequisite-patch-id: 6e71861d033f5658a807814dce1161465cc600c5
prerequisite-patch-id: 7e219f03f4634783ebd0550542fa8dbe33e70fa3
prerequisite-patch-id: e7dad794aa72e6d48edc277370f8cca25292d3ba
prerequisite-patch-id: 9288cd08c77af53d45e9eef5828bca8bddd22258
prerequisite-patch-id: 994fc434d3e5684814f090acd558aa1d29e737b6
prerequisite-patch-id: 0b84e67ab3948f9edcf987ddbf9ce38df5656ed3
prerequisite-patch-id: cb433110beec8b9e5745acb05930c06b890f4788
prerequisite-patch-id: 71925afd1991d6b1800e0767e5c1420f5b8b43ed
prerequisite-patch-id: 67fc0d710b58d6205a6877c4e89b531147b61b51
prerequisite-patch-id: 5b2284dbf7638adacab912d64ccfa775a00632be
-- 
2.48.1.283.g18c60a128c

More information about the DTrace-devel mailing list