> The kernel APIs for all this aren't really good
> though, and I always was reluctant to check for PF_KTHREAD, as that
> flag is neither documented for userspace, nor available in any
> userspace-accessible headers. However, I wanted to tighten this a bit,
> and hence we now define the flag in our own code, as it appeared to me
> otherwise there was no chance to ever make this fully robust.
PF_KTHREAD was introduced in 2.6.27 and its value appears to be stable
since then. I think it should be retroactively declared part of ABI
otherwise people will continue to rediscover that all other means do not
work.
Empty /proc/*/exe is second best option for systemd and it's only one
system call.
On Do, 17.05.18 10:42, Alexey Dobriyan ([email protected]) wrote:
> > The kernel APIs for all this aren't really good
> > though, and I always was reluctant to check for PF_KTHREAD, as that
> > flag is neither documented for userspace, nor available in any
> > userspace-accessible headers. However, I wanted to tighten this a bit,
> > and hence we now define the flag in our own code, as it appeared to me
> > otherwise there was no chance to ever make this fully robust.
>
> PF_KTHREAD was introduced in 2.6.27 and its value appears to be stable
> since then. I think it should be retroactively declared part of ABI
> otherwise people will continue to rediscover that all other means do not
> work.
Yes, I agree. And it's exposed to userspace after all, though not
symbolic, but simply as flags value.
> Empty /proc/*/exe is second best option for systemd and it's only one
> system call.
That doesn't really work for us as readlink() on that requires
CAP_SYS_PTRACE, and we need something that works unprivileged, which
PF_KTHREAD does.
Lennart
--
Lennart Poettering, Red Hat