`needs-restarting` | '`-u`' option | "Failed to read PID [number]'s smaps"

[Ricky-Tigg]

• tested on OS: Fedora; Rawhide branch
• dnf-plugins-core: v.: 4.10.1

To reproduce

$ needs-restarting -u
Failed to read PID 2164's smaps.

note: process reading would not fail when executed with sudo.

$ strace -Ze trace=openat needs-restarting -u
[...]
openat(AT_FDCWD, "/proc/2164/smaps", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
Failed to read PID 2164's smaps.
+++ exited with 0 +++

Description

Hello. This confirms what the NEEDS-RESTARTING(1) manual says about the methods used to guess the boot time; so it is one of two methods involving the /proc filesystem; st_mtime of /proc/1 and /proc/uptime. I am not qualified to determine which, however.

Since the regular file permissions for /proc/2164/smaps are appropriate for reading, 0444 / -r--r--r-- according to 'stat', could the denied permission be due to an incorrect or partial set of kernel capabilities applying to the file?

$ getpcaps 2164
2164: cap_wake_alarm=eip
$ pscap -p 2164
ppid  pid   uid              command  capabilities  
1     2164  [current_user]   systemd  wake_alarm +
$ cat /proc/2164/status | head -n 3
Name:	systemd
Umask:	0022
State:	S (sleeping)
$ capsh --explain=cap_wake_alarm
cap_wake_alarm (35) [/proc/self/status:CapXXX: 0x0000000800000000]
 Allows a process to trigger something that can wake the system up.

That capability is in any case not the one that controls permissions; it can therefore be excluded as a cause. I don't know how to draw any relevant conclusions from the outputs of 'filecap -d', 'systemd-analyze capability', and the Capabilities(7) manual. I'll stop speculating here.