В Mon, 27 Jan 2014 13:15:55 +0100 Tom Gundersen <[email protected]> пишет:
> On Mon, Jan 27, 2014 at 7:43 AM, Zbigniew Jędrzejewski-Szmek > <[email protected]> wrote: > > On Sun, Jan 26, 2014 at 09:16:13PM +0400, Andrey Borzenkov wrote: > >> В Sun, 26 Jan 2014 17:23:54 +0100 > >> Tom Gundersen <[email protected]> пишет: > >> > >> > > >> > >> Unfortunately, setting KillMode=process is not allowed: > >> > >> > >> > >> Jan 26 17:12:30 linux-1a7f systemd[1]: [email protected] has PAM > >> > >> enabled. Kill mode must be set to 'control-group'. Refusing. > >> > >> > >> > >> Probably [email protected] should be exempt from this rule. It is supposed > >> > >> to handle all services started by it itself, it *is* service manager > >> > >> after all? > >> > > >> > I don't think we want any processes to survive the exit of > >> > [email protected], so KillMode=process feels wrong. However, isn't the > >> > problem that we are going into the "kill control-group" mode too soon, > >> > before [email protected] has had a chance of cleaning itself up > >> > gracefully? > >> > > >> > >> Yes. > >> > >> > > I rebuilt systemd without this restriction, set KillMode=process for > >> > > [email protected] and this fixed things here. > >> > > > >> > > So there are two problems associated with user instance. > >> > > > >> > > 1. Using KillMode=control-group is wrong. Each service managed by user > >> > > instance has own requirements how it is stopped. Just sending > >> > > everything > >> > > SIGTERM without even trying service ExecStop first is obviously > >> > > incorrect. > >> > > >> > I guess what we want is to first send SIGTERM only to the systemd > >> > --user process, and only after a timeout start sending SIGTERM to all > >> > the processes in the control group? I.e., wouldn't a ExecStop entry in > >> > [email protected] give us the required timeout? > >> > > >> > >> Does not work. systemd sends SIGTERM as soon as ExecStop finished. > > Looks like we need a setting like SendKillSignalTo=main-pid|all|control-pid. > > Or something like that. > > > > Also the TimeoutStopSec on [email protected] should be probably increased > > to 10 min or so. > > > >> I believe someone already mentioned this problem. In general, we cannot > >> assume that ExecStop is synchronous. It may just signal main process to > >> exit. systemd should wait until $MAINPID exits (or timeout) before > >> continuing further processing. > > ExecStop is required to be synchronous, i.e. the service should be stopped > > when it returns. /bin/kill is not going to work here. > > Good point, I had missed that (I assumed there was a timeout). So > something like a synchronous "systemctl --user stop" should do it, no? > Yes, except "systemd --user" is defined only for a *current* user. Extending it to "systemd --user=<UID>" would be a solution (it must be numerical UID as nothing more is available in [email protected]). I played with su, but it does not work with UID - it want user name, _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
