В Mon, 27 Jan 2014 13:15:55 +0100 Tom Gundersen <t...@jklm.no> пишет:
> On Mon, Jan 27, 2014 at 7:43 AM, Zbigniew Jędrzejewski-Szmek > <zbys...@in.waw.pl> wrote: > > On Sun, Jan 26, 2014 at 09:16:13PM +0400, Andrey Borzenkov wrote: > >> В Sun, 26 Jan 2014 17:23:54 +0100 > >> Tom Gundersen <t...@jklm.no> пишет: > >> > >> > > >> > >> Unfortunately, setting KillMode=process is not allowed: > >> > >> > >> > >> Jan 26 17:12:30 linux-1a7f systemd[1]: user@0.service has PAM > >> > >> enabled. Kill mode must be set to 'control-group'. Refusing. > >> > >> > >> > >> Probably user@.service should be exempt from this rule. It is supposed > >> > >> to handle all services started by it itself, it *is* service manager > >> > >> after all? > >> > > >> > I don't think we want any processes to survive the exit of > >> > user@.service, so KillMode=process feels wrong. However, isn't the > >> > problem that we are going into the "kill control-group" mode too soon, > >> > before user@.serivce has had a chance of cleaning itself up > >> > gracefully? > >> > > >> > >> Yes. > >> > >> > > I rebuilt systemd without this restriction, set KillMode=process for > >> > > user@.service and this fixed things here. > >> > > > >> > > So there are two problems associated with user instance. > >> > > > >> > > 1. Using KillMode=control-group is wrong. Each service managed by user > >> > > instance has own requirements how it is stopped. Just sending > >> > > everything > >> > > SIGTERM without even trying service ExecStop first is obviously > >> > > incorrect. > >> > > >> > I guess what we want is to first send SIGTERM only to the systemd > >> > --user process, and only after a timeout start sending SIGTERM to all > >> > the processes in the control group? I.e., wouldn't a ExecStop entry in > >> > user@.service give us the required timeout? > >> > > >> > >> Does not work. systemd sends SIGTERM as soon as ExecStop finished. > > Looks like we need a setting like SendKillSignalTo=main-pid|all|control-pid. > > Or something like that. > > > > Also the TimeoutStopSec on user@.service should be probably increased > > to 10 min or so. > > > >> I believe someone already mentioned this problem. In general, we cannot > >> assume that ExecStop is synchronous. It may just signal main process to > >> exit. systemd should wait until $MAINPID exits (or timeout) before > >> continuing further processing. > > ExecStop is required to be synchronous, i.e. the service should be stopped > > when it returns. /bin/kill is not going to work here. > > Good point, I had missed that (I assumed there was a timeout). So > something like a synchronous "systemctl --user stop" should do it, no? > Yes, except "systemd --user" is defined only for a *current* user. Extending it to "systemd --user=<UID>" would be a solution (it must be numerical UID as nothing more is available in user@.service). I played with su, but it does not work with UID - it want user name, _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
