On 30/09/2022 11:21 pm, Laurent Bercot wrote:
A service that keeps crashing is an abnormal condition
Yes - sometimes that's what villains like to do :)
Note that I don't think making the restart delay configurable is a good trade-off. It adds complexity, size and failure cases to the s6-supervise code, it adds another file to a service directory for users to remember, it adds another avenue for configuration mistakes causing downtime, all that to save resources for a pathological case. The difference between 0 second and 1 second of free CPU is significant; longer delays have diminishing returns.
I'm not sure that its entirely pathological, as I also use 'finish' with a 'sleep' and timeout-finish in an effort to reduce SROP issues. Its also fairly common for us to have a loadavg of 4x ncores.
In the general case, yes if you want a process running then it should be up asap, and for that I'm very appreciative. :)
Ref: For ROP https://en.wikipedia.org/wiki/Return-oriented_programming SROP https://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf
