On Do, 17.05.18 10:42, Alexey Dobriyan (adobri...@gmail.com) wrote: > > The kernel APIs for all this aren't really good > > though, and I always was reluctant to check for PF_KTHREAD, as that > > flag is neither documented for userspace, nor available in any > > userspace-accessible headers. However, I wanted to tighten this a bit, > > and hence we now define the flag in our own code, as it appeared to me > > otherwise there was no chance to ever make this fully robust. > > PF_KTHREAD was introduced in 2.6.27 and its value appears to be stable > since then. I think it should be retroactively declared part of ABI > otherwise people will continue to rediscover that all other means do not > work.
Yes, I agree. And it's exposed to userspace after all, though not symbolic, but simply as flags value. > Empty /proc/*/exe is second best option for systemd and it's only one > system call. That doesn't really work for us as readlink() on that requires CAP_SYS_PTRACE, and we need something that works unprivileged, which PF_KTHREAD does. Lennart -- Lennart Poettering, Red Hat
