Minor What were you trying to do that didn't work?
The pmlogger_farm_check.service unit execute /usr/bin/pmlogctl as its Execstart command.
Internally /usr/bin/pmlogctl can make use of sudo, which should be prohibited for services:
:
1697 CHECK="sudo -u $PCP_USER -g $PCP_GROUP $PCP_BINADM_DIR/${IAM}_check"
:
Because of this, the processes started under sudo end up executing in the user slice of pcp user, which is not expected: processes started by a service should remain in the slice of the service.
This can be confirmed through checking systemd-cgls output:
│ ├─user-989.slice (#9261)
:
│ │ └─session-c20.scope (#9369)
│ │ ├─127652 sudo -u pcp -g pcp /usr/libexec/pcp/bin/pmlogger_check -c /etc/p...
│ │ ├─127657 /usr/bin/sh /usr/libexec/pcp/bin/pmlogger_check -c /etc/pcp/pmlo...
│ │ ├─127717 /usr/bin/sh /usr/libexec/pcp/bin/pmlogger_check -c /etc/pcp/pmlo...
│ │ ├─127763 /usr/libexec/pcp/bin/pmlogger -h xxx -d "/v...
│ │ ├─130023 /usr/libexec/pcp/bin/pmlogger -h xxx-d "/v...
│ │ ├─142438 /usr/libexec/pcp/bin/pmlogger -h xxx -d "/v...
│ │ ├─142991 /usr/libexec/pcp/bin/pmlogger -h xxx -d "/v...
│ │ ├─143061 pmlc 142991
│ │ ├─143062 tee /var/tmp/pmlogger_check.CJoLPRynh/tmp
│ │ └─143063 grep ^Connected to .*pmlogger
:
├─system.slice (#55)
:
│ ├─pmlogger_farm_check.service (#9157)
:
│ │ ├─126835 /usr/bin/sh /usr/bin/pmlogctl -m check
│ │ └─127629 /usr/bin/sh /usr/bin/pmlogctl -m check
The solution is to replace sudo by runuser, which is the tool dedicated to changing user without changing cgroup.
What is the impact of this issue to you?
No impact but incorrect behavior.
Please provide the package NVR for which the bug is seen:
pcp-6.2.0-5.el9_4.x86_64
How reproducible is this bug?:
Always, start the service and make sure `CHECK` gets called (no idea what the condition is, but encountered on customer's system).
