Hi,

I can confirm (at least a few instances now) for sure that it is systemd-executor.

What I found was that systemd-executor runs as sd-pam, and sd-pam is the one which is opening the root in rw.

This is what I get:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
(sd-pam) 1615 bcv cwd DIR 252,1 4096 2 /
(sd-pam) 1615 bcv rtd DIR 252,1 4096 2 /
(sd-pam) 1615 bcv txt REG 252,1 141808 722604 /usr/lib/systemd/systemd-executor
(sd-pam) 1615 bcv mem REG 252,1 619904 661098 /usr/lib/x86_64-linux-gnu/security/pam_systemd.so
(sd-pam) 1615 bcv mem REG 252,1 1144192 669870 /usr/lib/x86_64-linux-gnu/libsystemd.so.0.42.0
(sd-pam) 1615 bcv mem REG 252,1 34792 692647 /usr/lib/x86_64-linux-gnu/security/pam_gnome_keyring.so
(sd-pam) 1615 bcv mem REG 252,1 14432 657304 /usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1
(sd-pam) 1615 bcv mem REG 252,1 14408 657344 /usr/lib/x86_64-linux-gnu/security/pam_keyinit.so
(sd-pam) 1615 bcv mem REG 252,1 186312 657239 /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
(sd-pam) 1615 bcv mem REG 252,1 6373952 655725 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
(sd-pam) 1615 bcv mem REG 252,1 14784 706838 /usr/lib/x86_64-linux-gnu/security/pam_tmpdir.so
(sd-pam) 1615 bcv mem REG 252,1 34896 657345 /usr/lib/x86_64-linux-gnu/security/pam_limits.so
(sd-pam) 1615 bcv mem REG 252,1 711216 655665 /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0
(sd-pam) 1615 bcv mem REG 252,1 190696 655673 /usr/lib/x86_64-linux-gnu/libselinux.so.1
(sd-pam) 1615 bcv mem REG 252,1 14336 657369 /usr/lib/x86_64-linux-gnu/security/pam_umask.so
(sd-pam) 1615 bcv mem REG 252,1 14336 657348 /usr/lib/x86_64-linux-gnu/security/pam_loginuid.so
(sd-pam) 1615 bcv mem REG 252,1 26624 657359 /usr/lib/x86_64-linux-gnu/security/pam_selinux.so
(sd-pam) 1615 bcv mem REG 252,1 14336 657354 /usr/lib/x86_64-linux-gnu/security/pam_permit.so
(sd-pam) 1615 bcv mem REG 252,1 821240 657624 /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7
(sd-pam) 1615 bcv mem REG 252,1 125376 657631 /usr/lib/x86_64-linux-gnu/libz.so.1.3.1
(sd-pam) 1615 bcv mem REG 252,1 2003408 658221 /usr/lib/x86_64-linux-gnu/libc.so.6
(sd-pam) 1615 bcv mem REG 252,1 5197656 661104 /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-259.so
(sd-pam) 1615 bcv mem REG 252,1 55376 657370 /usr/lib/x86_64-linux-gnu/security/pam_unix.so
(sd-pam) 1615 bcv mem REG 252,1 30632 657070 /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
(sd-pam) 1615 bcv mem REG 252,1 977112 658224 /usr/lib/x86_64-linux-gnu/libm.so.6
(sd-pam) 1615 bcv mem REG 252,1 2546096 661103 /usr/lib/x86_64-linux-gnu/systemd/libsystemd-core-259.so
(sd-pam) 1615 bcv mem REG 252,1 14040 657334 /usr/lib/x86_64-linux-gnu/security/pam_deny.so
(sd-pam) 1615 bcv mem REG 252,1 67584 657303 /usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
(sd-pam) 1615 bcv mem REG 252,1 227256 659904 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
(sd-pam) 1615 bcv mem REG 252,1 84728 681506 /usr/lib/x86_64-linux-gnu/libapparmor.so.1.24.2
(sd-pam) 1615 bcv mem REG 252,1 225600 658216 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
(sd-pam) 1615 bcv 0r CHR 1,3 0t0 5 /dev/null
(sd-pam) 1615 bcv 1u unix 0x00000000e2f30937 0t0 17595 type=STREAM (CONNECTED)
(sd-pam) 1615 bcv 2u unix 0x00000000e2f30937 0t0 17595 type=STREAM (CONNECTED)
(sd-pam) 1615 bcv 3u a_inode 0,15 0 1044 [eventfd:26]
(sd-pam) 1615 bcv 4u a_inode 0,15 0 1044 [eventfd:27]
(sd-pam) 1615 bcv 6w FIFO 0,14 0t0 17597 pipe
(sd-pam) 1615 bcv 7u unix 0x000000007ba45d80 0t0 17604 type=DGRAM (CONNECTED)
(sd-pam) 1615 bcv 75u unix 0x00000000cd59ab28 0t0 363 type=DGRAM (CONNECTED)
(sd-pam) 1615 bcv 85u unix 0x00000000347b3d60 0t0 365 type=DGRAM (CONNECTED)

However when I kill sd-pam, I am safely able to remount / in "ro" mode.

On Fri, Nov 21, 2025 at 3:16 AM Bhasker C V <[email protected]> wrote:

> Thanks. I am still investigating which process is opening / in RW mode. I
> will update you.
> Thanks again for lsfd. I will use this
>
> On Thu, Nov 20, 2025 at 10:13 PM Cristian Rodríguez <[email protected]>
> wrote:
>
>> On Thu, Nov 20, 2025 at 12:26 PM Bhasker C V <[email protected]>
>> wrote:
>> >
>> > is there a reason why systemd has opened
>> > /usr/lib/systemd/systemd-executor in "rw" (9u) state rather than "r" ?
>>
>> Use util-linux lsfd for this purpose which actually knows how to
>> decode stuff properly. it is also significantly faster.
>>
>
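
An added example, not part of the thread: a small filter over columnar lsof output that lists only the numbered descriptors opened for writing (`w` or `u`) on regular files or directories of one device, which is the question the thread is chasing for device 252,1. The function names, the `exampled` process and its log path are constructed for illustration.

```shell
#!/bin/sh
# writable_fds DEVICE: read default (columnar) lsof output on stdin and print
# "PID COMMAND FD NAME" for every regular file or directory on DEVICE
# (lsof's "major,minor" column) whose numbered descriptor is open for writing.
# cwd/rtd/txt/mem rows have no access-mode character and are not matched.
writable_fds() {
    awk -v dev="$1" '
        NR == 1 && $1 == "COMMAND" { next }      # header row
        ($5 == "REG" || $5 == "DIR") && $6 == dev &&
        $4 ~ /^[0-9]+[uw]/ {                     # e.g. 9u, 11w, 9uW (lock flag)
            name = $9                            # rejoin names containing spaces
            for (i = 10; i <= NF; i++) name = name " " $i
            print $2, $1, $4, name
        }'
}

# Constructed sample in the layout shown in the message. The 9u row mirrors the
# descriptor asked about in the quoted question; the exampled row is made up.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER  FD   TYPE DEVICE SIZE/OFF   NODE NAME
(sd-pam) 1615  bcv cwd    DIR  252,1     4096      2 /
(sd-pam) 1615  bcv txt    REG  252,1   141808 722604 /usr/lib/systemd/systemd-executor
(sd-pam) 1615  bcv   0r   CHR    1,3      0t0      5 /dev/null
(sd-pam) 1615  bcv   9u   REG  252,1   141808 722604 /usr/lib/systemd/systemd-executor
(sd-pam) 1615  bcv   6w  FIFO   0,14      0t0  17597 pipe
exampled 2001 root  11w   REG  252,1      512 700001 /var/log/example.log
EOF
}

sample_lsof | writable_fds 252,1
```

On a live system the input would come from `lsof` run against the mount point instead of `sample_lsof`.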
