Add ps command to list processes using deleted binaries and libraries

[ricardobranco777]

Add ps command to list processes using deleted binaries and libraries. This functionality is found in package managers such as openSUSE's zypper & Debian's apt (using needrestart plugin).

The command name and output format is inspired by openSUSE's zypper.

To test it:

$ cp /bin/sleep /tmp ; /tmp/sleep 3600 ; rm -f /tmp/sleep

$ doas sysctl -w security.bsd.unprivileged_proc_debug=1

$ PATH=src pkg ps 
PID	PPID	UID	User	Command
56877	80912	1000	ricardo	sleep

$ PATH=src pkg ps -v
PID	PPID	UID	User	Command
56877	80912	1000	ricardo	sleep
	 /tmp/sleep 3600

Ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279404

[jrtc27]

This functionality is found in [...] Debian's apt.

No it's not. needrestart is a separate project that installs apt and dpkg hooks to prompt for this.

[ricardobranco777]

This functionality is found in [...] Debian's apt.

No it's not. needrestart is a separate project that installs apt and dpkg hooks to prompt for this.

Nice to know. Thanks!

[Freaky]

Thanks @grahamperrin

@ricardobranco777 you might be interested in https://github.com/Freaky/checkrestart (sysutils/checkrestart) as prior art. It supports limited operation when not ran as root (detecting replaced binaries only), filtering by jail, user, pid, and pid group, as well as libxo output so you can get the output as JSON or XML.

[ricardobranco777]

@ricardobranco777 you might be interested in https://github.com/Freaky/checkrestart (sysutils/checkrestart) as prior art. It supports limited operation when not ran as root (detecting replaced binaries only), filtering by jail, user, pid, and pid group, as well as libxo output so you can get the output as JSON or XML.

I saw your tool and noticed that we do the same thing wrt executable mappings.

Only 3 pkg commands have support for JSON and they doesn't use libxo. I'm not sure adding yet another dependency would be wise for this simple command. I will look into jails though.

What I truly miss in this command is the ability to get service names like with zypper ps -sss. Not an easy thing to do because Systemd & OpenRC export this data to /proc/<pid>/cgroup in Linux. Any ideas?

[bapt]

I am against anty libxo in pkg! now regarding this command I don't like it as a general purpose ps command, if we are to have this, in my opinion it should be via the procstat command.

actually I more and more think this command should not belong to pkg, but actually belong to procstat and we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

I can still be convince otherwise

[ricardobranco777]

I am against anty libxo in pkg! now regarding this command I don't like it as a general purpose ps command, if we are to have this, in my opinion it should be via the procstat command.

actually I more and more think this command should not belong to pkg, but actually belong to procstat and we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

I can still be convince otherwise

Pro:

• Other package managers support it.

Con:

• Other operations like freebsd-update or make installworld make those void mappings visible, but the same is true for other systems where this command is available in the package manager, and people are supposed to reboot after a system update.

Having the package manager run ps automatically after any update is the most sensible thing to do IMHO.

[ricardobranco777]

we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

And I'm not so sure about this one, since this same functionality sometimes fails on both openSUSE and Debian/Ubuntu. This is not trivial to get right.

[ricardobranco777]

Another con:

• Users who only compile from ports won't use pkg I assume.

[bapt]

if you build from ports you use pkg in anycase.

[grahamperrin]

Parallel discussion: https://forums.freebsd.org/threads/93614/

[rostwald]

...and we should make the service command able to use it/know about it or something like that, a bit like service -R restarts all the running service we could have a service flag which restarts only when needs to be restarted.

From a sysadmin perspective this really sounds like the most convenient way to deal with the underlying "problem". However, it should have a "-n" switch if one can't immediately restart just any service on a production server.

While at it - I always wanted an equivalent of OpenBSDs 'rcctl ls failed' command to get a quick list of failed/crashed services... (but thats quite off-topic)