Hi Marc,

On Sat, 2022-01-01 at 20:55 +0100, Marc Haber wrote:
> Sure:
> 1 [1/4996]mh@torres:~ $ pgrep ssh
> 315675
> 315738
> [2/4997]mh@torres:~ $ sudo cat /proc/315675/cgroup
> [sudo] password for mh on torres: 
> 0::/user.slice/user-1001.slice/session-296.scope
> [3/4998]mh@torres:~ $ sudo cat /proc/315738/cgroup
> 0::/user.slice/user-1001.slice/session-296.scope
> [4/4999]mh@torres:~ $ 
> 

thanks! Needrestart should ignore those ssh instances since there is a
user slice cgroup. It does not work due to this check[1] in
needrestart.

[1] https://github.com/liske/needrestart/blob/v3.5/needrestart#L637

Looks like a systemd/cgroup related change in bullseye, buster seems
not to be affected.


Regards,
Thomas


> > As a workaround you might blacklist sshd in needrestart but I think
> > a
> > generic approach handling socket activation services in needrestart
> > would be better. Therefore needrestart need a way to detect if the
> > process belongs to a socket activated service.
> 
> It is also possible to mask ssh.service entirely in systemd. But of
> couse having the heuristic fixed would be better.
> 
> Greetings
> Marc
> 

Reply via email to