[systemd-devel] [PATCH] units: use KillMode=process for systemd-nspawn at .service

[Zbigniew Jędrzejewski-Szmek]

On Wed, May 28, 2014 at 05:42:31PM +1000, Jonathan Liu wrote:
> On 28 May 2014 14:06, David Timothy Strauss <david at davidstrauss.net> wrote:
> > On Tue, May 27, 2014 at 10:55 PM, Jonathan Liu <net147 at gmail.com> wrote:
> >> I suspect one downside is that if the container takes longer than the
> >> timeout to shutdown then it will go on a SIGKILL-ing spree... which
> >> could be a problem if a container process was in the middle of saving
> >> to disk while shutting down.
> >
> > Is it reasonable to have no timeout, though? The weight (in terms of
> > state and shutdown time) of what runs in most containers isn't more
> > substantial than what runs in most services. It's not hard to override
> > the instance if it's necessary to have a longer timeout or no timeout.
> 
> There is still a timeout with KillMode=process.
It's not a question of timeouts, but of what is killed. With "process",
only the main process itself is killed. Normally this should be enough,
because the init in the container will kill eveything else. But if it
malfunctions, other processes from the container could be left around.
So we don't want that.

But the default is "control-group", which does not seem right either
in case of containers. IIUC, host's systemd will send SIGTERM to all
processes in the container. We should probably be using "mixed" instead.

> Killing systemd-nspawn kills the container processes as well.
> I am just following the wiki at
> http://fedoraproject.org/wiki/Features/SystemdLightweightContainers
"mixed" was added in 209, much later than this page was written.

Zbyszek