dtprobed: start as early as possible

We'd like to start dtprobed *before* multi-user.target so that the majority of daemons (those started after that point, in parallel) already find it running and can register any USDT probes they may contain. We also need to "systemctl enable" everything at install time, since dtprobed et al don't appear in the presets, so start disabled by default. (In the specfile, we not only need to do that but prod udev to get the udev rules loaded. This is peculiar since udev uses filesystem notifies to do that itself, but if that's in the packaging standard, so be it... we even need to start the thing by hand after installation, because the systemd macros rely on dtprobed being named in the presets, which it is not.) Also turn off RestrictSUIDSGID: it's a good idea but it relies on a seccomp filter, which stops us from enabling strict seccomp later on for dtprobed's parser child. Signed-off-by: Nick Alcock <nick.alcock@oracle.com> Reviewed-by: Kris Van Hees <kris.van.hees@oracle.com>
oracle · Nov 1, 2022 · 286bdb3 · 286bdb3
1 parent 9ac7fbe
commit 286bdb3
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 2 deletions.
diff --git a/dtprobed/Build b/dtprobed/Build
@@ -38,4 +38,7 @@ ifdef HAVE_LIBSYSTEMD
 	install -m 644 $(dtprobed_DIR)dtprobed.service $(INSTSYSTEMDUNITDIR)
 	$(call describe-install-target,$(INSTSYSTEMDUNITDIR),dtrace-usdt.target)
 	install -m 644 $(dtprobed_DIR)dtrace-usdt.target $(INSTSYSTEMDUNITDIR)
+	if [[ -z $RPM_BUILD_ROOT ]]; then \
+		systemctl enable dtprobed.service dtrace-usdt.target; \
+	fi
 endif
diff --git a/dtprobed/dtprobed.service b/dtprobed/dtprobed.service
@@ -4,6 +4,11 @@
 [Unit]
 Description=DTrace USDT probe creation daemon
 Documentation=man:dtprobed(8)
+DefaultDependencies=no
+Requires=sysinit.target
+Wants=sysinit.target sockets.target paths.target
+After=sysinit.target sockets.target paths.target
+Before=basic.target
 
 [Service]
 Type=notify
@@ -15,4 +20,7 @@ ProtectHome=true
 PrivateDevices=false
 PrivateNetwork=true
 ProtectControlGroups=true
-RestrictSUIDSGID=true
+
+[Install]
+WantedBy=basic.target
+Also=dtrace-usdt.target
diff --git a/dtprobed/dtrace-usdt.target b/dtprobed/dtrace-usdt.target
@@ -1,3 +1,6 @@
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# http://oss.oracle.com/licenses/upl.
+
 [Unit]
 Description=DTrace USDT operating normally
 Documentation=man:dtprobed(8)
@@ -6,3 +9,7 @@ BindsTo=dtprobed.service
 After=dtprobed.service
 RefuseManualStart=true
 RefuseManualStop=true
+
+[Install]
+WantedBy=basic.target
+Also=dtprobed.service
diff --git a/dtrace.spec b/dtrace.spec
@@ -56,8 +56,9 @@ Name:         dtrace
 License:      Universal Permissive License (UPL), Version 1.0
 Group:        Development/Tools
 Requires:     cpp elfutils-libelf zlib libpcap fuse3 >= 3.2.0
-BuildRequires: glibc-headers bison flex zlib-devel elfutils-libelf-devel fuse3-devel >= 3.2.0 systemd-devel
+BuildRequires: glibc-headers bison flex zlib-devel elfutils-libelf-devel fuse3-devel >= 3.2.0 systemd systemd-devel
 BuildRequires: glibc-static %{glibc32} wireshark libpcap-devel valgrind-devel
+%{?systemd_requires}
 BuildRequires: kernel%{variant}-devel = %{build_kernel}
 %if "%{?dist}" == ".el8"
 BuildRequires: kernel%{variant}-devel = 5.15.0-0.16.2%{?dist}uek
@@ -192,6 +193,10 @@ rm -rf $RPM_BUILD_DIR/%{name}-%{version}
 
 %post
 /sbin/ldconfig
+%udev_rules_update
+%systemd_post dtprobed.service dtrace-usdt.target
+systemctl enable dtprobed.service dtrace-usdt.target
+systemctl start dtprobed.service
 # if systemtap-dtrace.1.gz doesn't exist then we can move the existing dtrace manpage
 MANDIR=/usr/share/man/man1
 if [ -e $MANDIR/dtrace.1.gz -a ! -e $MANDIR/systemtap-dtrace.1.gz ]; then
@@ -210,23 +215,32 @@ elif [ ! -e $SYSINCDIR/sdt.h ]; then
     ln -s $SYSINCDIR/sdt-dtrace.h $SYSINCDIR/sdt.h
 fi
 
+%preun
+%systemd_preun dtprobed.service dtrace-usdt.target
+
 %postun
 /sbin/ldconfig
 MANDIR=/usr/share/man/man1
 if [ -h $MANDIR/dtrace.1.gz ]; then
     rm -f $MANDIR/dtrace.1.gz
 fi
+%udev_rules_update
+%systemd_postun dtprobed.service dtrace-usdt.target
 
 %files
 %defattr(-,root,root,-)
 %{_libdir}/dtrace
 %exclude %{_libdir}/dtrace/testsuite
 %{_libdir}/libdtrace.so.*
 %{_sbindir}/dtrace
+%{_sbindir}/dtprobed
 %{_mandir}/man1/orcl-dtrace.1.gz
 %{_includedir}/sys/sdt-dtrace.h
 %{_includedir}/sys/sdt_internal.h
 %doc %{_docdir}/dtrace-%{version}/*
+%{_unitdir}/dtprobed.service
+%{_unitdir}/dtrace-usdt.target
+%{_udevrulesdir}/60-dtprobed.rules
 
 %files devel
 %defattr(-,root,root,-)