Why add parentheses around a process name

processsystemd

On my machine (Debian testing), when I do 

ps aux | grep pam

I obtain

orto        609  0.0  0.0  58532  2148 ?        S    08:06   0:00 (sd-pam)  
orto       5533  0.0  0.0  12724  1948 pts/1    S+   16:51   0:00 grep pam

(sd-pam) seems a strange name for a process. Reading this forum, I see that this name is set on purpose by systemd. In the source code we see

/* The child's job is to reset the PAM session on
 * termination */

/* This string must fit in 10 chars (i.e. the length
 * of "/sbin/init"), to look pretty in /bin/ps */
rename_process("(sd-pam)");

What does it mean look pretty in /bin/ps and why to choose (sd-pam) and not just sd-pam as a name? Putting parenthesis around the name seems indicate that this process has something special like for a kernel thread e.g. [kintegrityd].

Best Answer

Putting parenthesis around the name seems indicate that this process has something special

There are two cases:

  • (...)

When PID 1 starts a service binary it will first fork off a process, then adjust the process' parameters according to the service config and finally invoke execve() to execute the actual service process. In the time between the fork and the exec, we use PR_SET_NAME to change the process' name to what is going to be started, to make it easy to map this to the eventual service started. Note however, that there's a strict size limit on he "comm" name (i.e. the process name that my be set with PR_SET_NAME, i.e. the one "top" shows), which means we have to truncate. We chop off the beginning of the string, since usually the suffix is more interesting (otherwise, all of systemd's various services would appears as "(systemd-)" – which isn't particularly useful). We enclose the name in (), in order to clarify that this is the process that is going to become the specified process eventually, but isn't it yet.

See https://lists.freedesktop.org/archives/systemd-devel/2016-April/036322.html

  • (sd-pam) is the special case

If we spawn a unit with a non-empty 'PAMName=', we fork off a child-process inside the unit, known as '(sd-pam)', which watches the session. It waits for the main-process to exit and then finishes it via pam_close_session(3).

Related Question