On 08.06.2021 at 19:05, Matt Corallo wrote:


On 6/8/21 12:31, Michael Biebl wrote:
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now either, it's possible I had forgotten the --scope at some point while testing set-linger before, sorry for the noise here.

Still, based on my read of #825394, it seems like it should be the case that you do not need set-linger and the default behavior should be that things aren't automatically killed in the background? Is that something that was an intentional change?

Change to what exactly?

I guess we need to differentiate between login and user sessions.
It's my understanding that KillUserProcesses= only affects a login session.

I admit I am definitely not a systemd expert (which I suppose should be obvious by now :) ), so have no idea what this means, and systemd-run's man page doesn't really elucidate it. Not Debian's or your problem, of course, though.

If you start a process as part of a user session (which is what systemd-run --user does), ending that user session will stop that process.

Is there an alternate way to run things that lxc should instead be recommending? In my interactions with the lxc folks it seems this workaround is only relevant for Debian bullseye, so maybe other distros are patching systemd or changing cgroup settings such that interacting with systemd isn't required.

Are you sure? Which distros are that? Which exact version of that distro?

Similar to the discussion in 825394, having daemons spontaneously killed is incredibly surprising, maybe it makes sense to enable-linger by default?

That's not a good idea I think.
Starting long running daemons from a user session is not the norm, I'd argue.

> Did you use systemd-run in buster to start your lxc containers?
> You need to be very explicit, otherwise I can only guess what exactly you were/are doing.

No, but also didn't need to, it's only with bullseye that (systemd's ?) cgroup settings prevent direct calls to lxc-start, which is what makes the whole thing such a mess - one cannot simply call lxc functions anymore because systemd gets in the way. Using systemd for this, sadly, is an exercise in puzzling through man pages and lack of documentation for how to do any of this (half of the lxc docs for how to do this are because I had to ask lxc maintainers how to do basic lxc things with bullseye).

bullseye changed to cgroupv2 (see systemd's NEWS entry [1]). Other distros (like Fedora) made that switch a while ago.

Maybe the best that can be done here is to document in lxc's README.Debian, that if you use unprivileged containers and you use systemd-run, you should also use linger if you want those daemons to persist.

In any case, I'm not sure there remains anything to be done on the systemd side. Afaics, everything behaves as documented.


Michael

[1] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.NEWS#L1
