
Difference in behavior when hooking a library function via LD_PRELOAD on Ubuntu and CentOS

2 votes
0 answers
342 views
There is a hook function *socketHook.c* that intercepts *socket()* calls:

```c
#include <stdio.h>

/* Replacement for socket(): reports the call and returns 0 without creating a socket. */
int socket(int domain, int type, int protocol)
{
    printf("socket() has been intercepted!\n");
    return 0;
}
```

```
gcc -c -fPIC socketHook.c
gcc -shared -o socketHook.so socketHook.o
```

And a simple program *getpwuid.c* (1) that just invokes the getpwuid() function:

```c
#include <pwd.h>

int main()
{
    getpwuid(0);
    return 0;
}
```

```
gcc getpwuid.c -o getpwuid
```

*getpwuid()* internally makes a *socket()* call.

On CentOS:

```
$ strace -e trace=socket ./getpwuid
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
socket(AF_UNIX, SOCK_STREAM, 0) = 4
```

On Ubuntu:

```
$ strace -e trace=socket ./getpwuid
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
```

When running (1), *socket()* is intercepted on CentOS, but not on Ubuntu.

**CentOS.** *printf()* from *socketHook.c* is present:

```
$ uname -a
Linux centos-stream 4.18.0-301.1.el8.x86_64 #1 SMP Tue Apr 13 16:24:22 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ LD_PRELOAD=$(pwd)/socketHook.so ./getpwuid
socket() has been intercepted!
```

**Ubuntu** (Xubuntu 20.04). *printf()* from *socketHook.c* is NOT present:

```
$ uname -a
Linux ibse-VirtualBox 5.8.0-50-generic #56~20.04.1-Ubuntu SMP Mon Apr 12 21:46:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ LD_PRELOAD=$(pwd)/socketHook.so ./getpwuid
$
```

So my question is:

1. What does it depend on? I think this is affected by the fact that *socket()* is not called directly from the executable, but from getpwuid(), which in turn is called, if I understand correctly, from libc.so
2. How to achieve the same behavior in CentOS as in Ubuntu? I don't want to intercept indirect calls from libc
Asked by ibse (371 rep)
May 5, 2021, 10:26 AM
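One way to approach question 2, as an added example that is not part of the original post: a variant of the hook that looks at its return address and applies the page's stub behaviour only when the call comes from the main executable, passing calls made from shared libraries through to the real *socket()*. It assumes glibc (`dladdr1()` and `dlinfo()` are glibc extensions, and glibc older than 2.34 needs `-ldl` when linking); the helper name `in_main_executable` is hypothetical.

```c
#define _GNU_SOURCE   /* RTLD_NEXT, dladdr1() and dlinfo() are glibc extensions */
#include <dlfcn.h>
#include <link.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical helper: 1 if addr lies in the main executable, 0 if it lies
 * in a shared object (libc, an NSS module, ...) or cannot be resolved. */
int in_main_executable(const void *addr)
{
    static struct link_map *exe;      /* link map of the main program, cached */
    struct link_map *owner = NULL;
    Dl_info info;

    if (exe == NULL) {
        void *self = dlopen(NULL, RTLD_LAZY);   /* NULL = the main program */
        if (self == NULL || dlinfo(self, RTLD_DI_LINKMAP, &exe) != 0)
            return 0;
    }
    if (dladdr1(addr, &info, (void **)&owner, RTLD_DL_LINKMAP) == 0)
        return 0;
    return owner == exe;
}

int socket(int domain, int type, int protocol)
{
    static int (*real_socket)(int, int, int);
    /* The return address identifies the object that made this call. */
    void *caller = __builtin_return_address(0);

    if (in_main_executable(caller)) {
        /* Direct call from the program: same behaviour as the page's hook. */
        printf("socket() has been intercepted!\n");
        return 0;
    }
    /* Call from a library: pass through to the next socket() (libc's). */
    if (real_socket == NULL)
        real_socket = (int (*)(int, int, int))dlsym(RTLD_NEXT, "socket");
    return real_socket ? real_socket(domain, type, protocol) : -1;
}
```

Because the check keys on the return address, a call made from any shared library the program loads is passed through, not only calls that originate in libc.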