Still picking away at this…
The PIDs are, of course, a moving target, as every time I log out and
back in to test a change, ssh-agent instances are getting shut down and
new ones started. As of right now:
* my systemd-managed ssh-agent is PID 3017
* the rogue ssh-agent is PID 7687
$ systemctl --user status ssh-agent.service
● ssh-agent.service - SSH key agent
Loaded: loaded (/etc/xdg/systemd/user/ssh-agent.service; enabled;
vendor preset: enabled) Active: active (running) since Thu 2022-07-28
08:02:14 ADT; 1h 21min ago Main PID: 3017 (ssh-agent)
Tasks: 1 (limit: 9302)
Memory: 560.0K
CPU: 5ms
CGroup:
/user.slice/user-1000.slice/user@1000.service/app.slice/ssh-agent.service
└─3017 /usr/bin/ssh-agent -D -a /run/user/1000/ssh-agent.socket
From the output of systemd-cgls I see that the rogue ssh-agent process
is part of the .scope CGroup corresponding to my X login session.
# systemctl status session-8.scope
● session-8.scope - Session 8 of User chris
Loaded: loaded (/run/systemd/transient/session-8.scope; transient)
Transient: yes
Active: active (running) since Thu 2022-07-28 08:59:48 ADT; 25min
ago Tasks: 254
Memory: 957.6M
CPU: 2min 5.903s
CGroup: /user.slice/user-1000.slice/session-8.scope
├─ 7588 lightdm --session-child 14 23
├─ 7625 xfce4-session
├─ 7687 /usr/bin/ssh-agent -s
etc.
man systemd.scope(5) says:
Scope units are not configured via unit configuration files, but are
only created programmatically using the bus interfaces of systemd.
[…] Unlike service units, scope units manage externally created
processes, and do not fork off processes on its own.
By my reading, that seems to indicate that the rogue ssh-agent (PID
7687) is a direct child of systemd's system instance (PID 1) only
because my XFCE4 session and all of its associated processes are running
contained in a "scope" (to take advantage of systemd's resource
management capabilities?), and this does not indicate that said
ssh-agent is in any direct or relevant sense being managed by systemd.
Can anyone confirm or correct my understanding here?
Also, in the absence of more promising leads, I followed Tomas' advice
and inserted "echo" statements at every decision point in
90x11-common_ssh-agent, which confirmed that the initial "if
has_option" check is returning False and none of the code in that if
block is being run. I'm convinced that Xsession is not the culprit.
Any ideas where I might look next? Anyone know if it's possible to ask
systemd what process "externally created" a process in a .scope?
Cheers!
-Chris
