pkg icon indicating copy to clipboard operation
pkg copied to clipboard

Published 20 hours ago verified publisher icon freebsd

Add ps command to list processes using deleted binaries and libraries

Open ricardobranco777 opened this issue 1 year ago • 11 comments

Add ps command to list processes using deleted binaries and libraries. This functionality is found in package managers such as openSUSE's zypper & Debian's apt (using needrestart plugin).

The command name and output format is inspired by openSUSE's zypper.

To test it:

$ cp /bin/sleep /tmp ; /tmp/sleep 3600 ; rm -f /tmp/sleep

$ doas sysctl -w security.bsd.unprivileged_proc_debug=1

$ PATH=src pkg ps 
PID	PPID	UID	User	Command
56877	80912	1000	ricardo	sleep

$ PATH=src pkg ps -v
PID	PPID	UID	User	Command
56877	80912	1000	ricardo	sleep
	 /tmp/sleep 3600

Ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279404

ricardobranco777 avatar May 30 '24 15:05 ricardobranco777

This functionality is found in [...] Debian's apt.

No it's not. needrestart is a separate project that installs apt and dpkg hooks to prompt for this.

jrtc27 avatar May 30 '24 19:05 jrtc27

This functionality is found in [...] Debian's apt.

No it's not. needrestart is a separate project that installs apt and dpkg hooks to prompt for this.

Nice to know. Thanks!

ricardobranco777 avatar May 30 '24 19:05 ricardobranco777

Thanks @grahamperrin

@ricardobranco777 you might be interested in https://github.com/Freaky/checkrestart (sysutils/checkrestart) as prior art. It supports limited operation when not ran as root (detecting replaced binaries only), filtering by jail, user, pid, and pid group, as well as libxo output so you can get the output as JSON or XML.

Freaky avatar May 31 '24 12:05 Freaky

@ricardobranco777 you might be interested in https://github.com/Freaky/checkrestart (sysutils/checkrestart) as prior art. It supports limited operation when not ran as root (detecting replaced binaries only), filtering by jail, user, pid, and pid group, as well as libxo output so you can get the output as JSON or XML.

I saw your tool and noticed that we do the same thing wrt executable mappings.

Only 3 pkg commands have support for JSON and they doesn't use libxo. I'm not sure adding yet another dependency would be wise for this simple command. I will look into jails though.

What I truly miss in this command is the ability to get service names like with zypper ps -sss. Not an easy thing to do because Systemd & OpenRC export this data to /proc/<pid>/cgroup in Linux. Any ideas?

ricardobranco777 avatar May 31 '24 12:05 ricardobranco777

I am against anty libxo in pkg! now regarding this command I don't like it as a general purpose ps command, if we are to have this, in my opinion it should be via the procstat command.

actually I more and more think this command should not belong to pkg, but actually belong to procstat and we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

I can still be convince otherwise

bapt avatar May 31 '24 13:05 bapt

I am against anty libxo in pkg! now regarding this command I don't like it as a general purpose ps command, if we are to have this, in my opinion it should be via the procstat command.

actually I more and more think this command should not belong to pkg, but actually belong to procstat and we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

I can still be convince otherwise

Pro:

  • Other package managers support it.

Con:

  • Other operations like freebsd-update or make installworld make those void mappings visible, but the same is true for other systems where this command is available in the package manager, and people are supposed to reboot after a system update.

Having the package manager run ps automatically after any update is the most sensible thing to do IMHO.

ricardobranco777 avatar May 31 '24 14:05 ricardobranco777

we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

And I'm not so sure about this one, since this same functionality sometimes fails on both openSUSE and Debian/Ubuntu. This is not trivial to get right.

ricardobranco777 avatar May 31 '24 15:05 ricardobranco777

Another con:

  • Users who only compile from ports won't use pkg I assume.

ricardobranco777 avatar Jun 01 '24 07:06 ricardobranco777

if you build from ports you use pkg in anycase.

bapt avatar Jun 01 '24 12:06 bapt

Parallel discussion: https://forums.freebsd.org/threads/93614/

grahamperrin avatar Jun 02 '24 10:06 grahamperrin

...and we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

From a sysadmin perspective this really sounds like the most convenient way to deal with the underlying "problem". However, it should have a "-n" switch if one can't immediately restart just any service on a production server.

While at it - I always wanted an equivalent of OpenBSDs 'rcctl ls failed' command to get a quick list of failed/crashed services... (but thats quite off-topic)

rostwald avatar Aug 15 '24 10:08 rostwald