[systemd-devel] how to nest slices under system.slice
Alison Chaiken
alison at she-devel.com
Mon Mar 9 22:50:58 PDT 2015
Umut Tezduyar Lindskog (umut at tezduyar.com) asked:
>> How do I add a slice that is inside the system.slice?
Lennart answered:
> The name is basically the cgroup path. i.e. foo-bar-baz.slice is a
> slice below foo-bar.slice, which is below foo.slice, which is below
> -.slice.
I got curious about the pathological cases: what would happen if root
started a service that requested to be in user-foo.slice that was
resident in /usr/lib/systemd/system? The results came out sensibly,
but are not quite what I guessed in advance. Here are the results of
the four combinations:
Summary:
========
0. 'firefox.slice' is placed under top-level slice if started with
SUID from /usr/lib/systemd/system.
1. 'firefox.slice' is placed under user-<UID>.slice if started with
normal user privileges from /usr/lib/systemd/user.
2. 'user-firefox.slice' is placed under user.slice but not under
user-<uid>.slice if started with SUID from /usr/lib/systemd/system.
3. 'system-firefox.slice' is placed under a system.slice which is
created under user-<uid>.slice if started with normal user privileges
from /usr/lib/systemd/user.
Takeaway 0: as you'd expect, root can start services in a user's slice
if they are intentionally invoked that way. Normal users are free to
create slices under their main-level slice of any arbitrary name, but
not to create slices in the top-level system slice.
Takeaway 1: a service's slice is created at top-level only if its unit file
specifies neither system-*.slice nor user-*.slice and it is started by root.
Details:
======
0. firefox.service with slice=firefox.slice placed in
/usr/lib/systemd/system and started with 'sudo systemctl start
firefox.service':
sudo systemd-cgls:
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 23
├─firefox.slice
│ └─firefox.service
│   ├─3895 /usr/lib64/firefox/firefox http://fedoraproject.org/wiki/SysVinit_to_
│   ├─4044 /bin/dbus-launch --autolaunch 8ebf690c04404266b85a36b676fefc7a --bina
│   └─4045 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
1. Firefox with slice=firefox.slice placed in /usr/lib/systemd/user and
started with 'systemctl --user start firefox.service':
└─user.slice
  └─user-1000.slice
    ├─session-1.scope
    │ ├─2689 gdm-session-worker [pam/gdm-autologin]
    │ ├─2707 gnome-session
    [ . . . ]
    └─user@1000.service
      ├─2698 /usr/lib/systemd/systemd --user
      ├─2700 (sd-pam)
      ├─emacs.service
      │ └─2704 /usr/bin/emacs --daemon
      └─firefox.slice
        └─firefox.service
          └─4280 /usr/lib64/firefox/firefox http://fedoraproject.org/wiki/SysVinit_to_
2. firefox-user-slice.service is placed in /usr/lib/systemd/system, but contains
'Slice=user-firefox.service' and started with sudo systemctl start
firefox-user-slice.service,
└─user.slice
  ├─user-1000.slice
  │ ├─session-1.scope
  │ │ ├─2689 gdm-session-worker [pam/gdm-autologin]
  │ │ ├─2707 gnome-session
  │ │ ├─2714 dbus-launch --sh-syntax --exit-with-session
  [ . . . ]
  │ │ └─4752 less
  │ └─user@1000.service
  │   ├─2698 /usr/lib/systemd/systemd --user
  │   ├─2700 (sd-pam)
  │   └─emacs.service
  │     └─2704 /usr/bin/emacs --daemon
  └─user-firefox.slice
    └─firefox-user-slice.service
3. Firefox with Slice=system-firefox.slice placed in
/usr/lib/systemd/user and started with 'systemctl --user start
firefox-system-slice.service'
└─user.slice
  └─user-1000.slice
    ├─session-1.scope
    │ ├─2689 gdm-session-worker [pam/gdm-autologin]
    │ ├─2707 gnome-session
    │ ├─2714 dbus-launch --sh-syntax --exit-with-session
    [ . . . ]
    └─user@1000.service
      ├─2698 /usr/lib/systemd/systemd --user
      ├─2700 (sd-pam)
      ├─emacs.service
      │ └─2704 /usr/bin/emacs --daemon
      └─system.slice
        └─system-firefox.slice
-- Alison
--
Alison Chaiken alison at she-devel.com
650-279-5600
http://{she-devel.com,exerciseforthereader.org}
One consumes a great deal of silence in the course of becoming
educated. -- Matthew B. Crawford
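
The naming rule quoted at the top of this message, and the four placements reported in it, can be reproduced with a small name-to-path expansion. This is an added example, not code from the post or from systemd; slice_ancestry, cgroup_path and manager_root are hypothetical names, and the user manager's root path is taken from the listings above.

```python
"""Expand a systemd slice unit name into a cgroup path (added example)."""

ROOT_SLICE = "-.slice"
# Cgroup owned by the --user manager for UID 1000, as seen in the listings above.
USER_MANAGER_ROOT = "user.slice/user-1000.slice/user@1000.service"


def slice_ancestry(name):
    """Return the slices from the outermost parent down to `name`.

    Dashes encode the hierarchy: foo-bar-baz.slice sits in foo-bar.slice,
    which sits in foo.slice, which sits in the root slice -.slice.
    """
    if not name.endswith(".slice"):
        raise ValueError(f"not a slice unit: {name!r}")
    if name == ROOT_SLICE:
        return []  # the root slice has no parents and adds no path component
    parts = name[: -len(".slice")].split("-")
    if "" in parts:
        # Empty components (leading, trailing or doubled dashes) are
        # treated as malformed in this example.
        raise ValueError(f"malformed slice name: {name!r}")
    return ["-".join(parts[: i + 1]) + ".slice" for i in range(len(parts))]


def cgroup_path(slice_name, unit, manager_root=""):
    """Path of `unit` in `slice_name`, relative to the cgroup hierarchy root.

    manager_root is the cgroup the managing systemd instance owns: "" for
    the system manager, USER_MANAGER_ROOT for a --user manager. A user
    manager can only build slices beneath its own cgroup, so a name such as
    system-firefox.slice cannot land in the real system.slice.
    """
    parts = [manager_root.strip("/"), *slice_ancestry(slice_name), unit]
    return "/".join(p for p in parts if p)


if __name__ == "__main__":
    # The four combinations from the message: (slice, unit, manager root).
    cases = [
        ("firefox.slice", "firefox.service", ""),
        ("firefox.slice", "firefox.service", USER_MANAGER_ROOT),
        ("user-firefox.slice", "firefox-user-slice.service", ""),
        ("system-firefox.slice", "firefox-system-slice.service", USER_MANAGER_ROOT),
    ]
    for number, (slice_name, unit, root) in enumerate(cases):
        print(number, cgroup_path(slice_name, unit, root))
```
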