[systemd-devel] Allow stop jobs to be killed during shutdown

Mon Jan 27 07:11:46 PST 2014

В Mon, 27 Jan 2014 13:15:55 +0100
Tom Gundersen <teg at jklm.no> пишет:

> On Mon, Jan 27, 2014 at 7:43 AM, Zbigniew Jędrzejewski-Szmek
> <zbyszek at in.waw.pl> wrote:
> > On Sun, Jan 26, 2014 at 09:16:13PM +0400, Andrey Borzenkov wrote:
> >> В Sun, 26 Jan 2014 17:23:54 +0100
> >> Tom Gundersen <teg at jklm.no> пишет:
> >>
> >> >
> >> > >> Unfortunately, setting KillMode=process is not allowed:
> >> > >>
> >> > >> Jan 26 17:12:30 linux-1a7f systemd[1]: user at 0.service has PAM enabled. Kill mode must be set to 'control-group'. Refusing.
> >> > >>
> >> > >> Probably user at .service should be exempt from this rule. It is supposed
> >> > >> to handle all services started by it itself, it *is* service manager
> >> > >> after all?
> >> >
> >> > I don't think we want any processes to survive the exit of
> >> > user at .service, so KillMode=process feels wrong. However, isn't the
> >> > problem that we are going into the "kill control-group" mode too soon,
> >> > before user at .serivce has had a chance of cleaning itself up
> >> > gracefully?
> >> >
> >>
> >> Yes.
> >>
> >> > > I rebuilt systemd without this restriction, set KillMode=process for
> >> > > user at .service and this fixed things here.
> >> > >
> >> > > So there are two problems associated with user instance.
> >> > >
> >> > > 1. Using KillMode=control-group is wrong. Each service managed by user
> >> > > instance has own requirements how it is stopped. Just sending everything
> >> > > SIGTERM without even trying service ExecStop first is obviously
> >> > > incorrect.
> >> >
> >> > I guess what we want is to first send SIGTERM only to the systemd
> >> > --user process, and only after a timeout start sending SIGTERM to all
> >> > the processes in the control group? I.e., wouldn't a ExecStop entry in
> >> > user at .service give us the required timeout?
> >> >
> >>
> >> Does not work. systemd sends SIGTERM as soon as ExecStop finished.
> > Looks like we need a setting like SendKillSignalTo=main-pid|all|control-pid.
> > Or something like that.
> >
> > Also the TimeoutStopSec on user at .service should be probably increased
> > to 10 min or so.
> >
> >> I believe someone already mentioned this problem. In general, we cannot
> >> assume that ExecStop is synchronous. It may just signal main process to
> >> exit. systemd should wait until $MAINPID exits (or timeout) before
> >> continuing further processing.
> > ExecStop is required to be synchronous, i.e. the service should be stopped
> > when it returns. /bin/kill is not going to work here.
> 
> Good point, I had missed that (I assumed there was a timeout). So
> something like a synchronous "systemctl --user stop" should do it, no?
> 

Yes, except "systemd --user" is defined only for a *current* user.
Extending it to "systemd --user=<UID>" would be a solution (it must be
numerical UID as nothing more is available in user at .service). I played
with su, but it does not work with UID - it want user name,