[systemd-devel] [PATCH] units: use KillMode=process for systemd-nspawn@.service

Jonathan Liu net147 at gmail.com
Wed May 28 08:07:11 PDT 2014


On 28/05/2014 10:32 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, May 28, 2014 at 05:42:31PM +1000, Jonathan Liu wrote:
>> On 28 May 2014 14:06, David Timothy Strauss <david at davidstrauss.net> wrote:
>>> On Tue, May 27, 2014 at 10:55 PM, Jonathan Liu <net147 at gmail.com> wrote:
>>>> I suspect one downside is that if the container takes longer than the
>>>> timeout to shutdown then it will go on a SIGKILL-ing spree... which
>>>> could be a problem if a container process was in the middle of saving
>>>> to disk while shutting down.
>>> Is it reasonable to have no timeout, though? The weight (in terms of
>>> state and shutdown time) of what runs in most containers isn't more
>>> substantial than what runs in most services. It's not hard to override
>>> the instance if it's necessary to have a longer timeout or no timeout.
>> There is still a timeout with KillMode=process.
> It's not a question of timeouts, but of what is killed. With "process",
> only the main process itself is killed. Normally this should be enough,
> because the init in the container will kill everything else. But if it
> malfunctions, other processes from the container could be left around.
> So we don't want that.
>
> But the default is "control-group", which does not seem right either
> in case of containers. IIUC, host's systemd will send SIGTERM to all
> processes in the container. We should probably be using "mixed" instead.
>
>> Killing systemd-nspawn kills the container processes as well.
>> I am just following the wiki at
>> http://fedoraproject.org/wiki/Features/SystemdLightweightContainers
> "mixed" was added in 209, much later than this page was written.
>
> Zbyszek
Okay, I will resubmit the patch using KillMode=mixed.

Regards,
Jonathan
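
Added example, not part of the original thread and not systemd code: a small Python model of the three KillMode= values discussed above, showing which processes receive SIGTERM, which receive SIGKILL once the stop timeout expires, and which are left running. The unit text, the drop-in, the PIDs and the function names are constructed for illustration; the signal semantics follow the systemd.kill(5) documentation.

```python
# Added illustration, not systemd source. Unit text and PIDs are constructed.
DEFAULT_KILL_MODE = "control-group"  # in effect when KillMode= is not set

def effective_kill_mode(*unit_texts):
    """KillMode= after reading the unit file and its drop-ins in order;
    the last non-empty assignment in [Service] wins (sketch assumption:
    empty assignments are ignored)."""
    mode = DEFAULT_KILL_MODE
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section == "Service" and sep and key.strip() == "KillMode":
                mode = value.strip() or mode
    return mode

def stop_signals(mode, main_pid, cgroup_pids, survivors):
    """Model a unit stop. `survivors` are the PIDs still running when the
    SIGKILL stage is reached (for example after TimeoutStopSec= expires)."""
    everyone = set(cgroup_pids) | {main_pid}
    scopes = {  # mode -> (SIGTERM recipients, processes eligible for SIGKILL)
        "control-group": (everyone, everyone),
        "mixed": ({main_pid}, everyone),
        "process": ({main_pid}, {main_pid}),
        "none": (set(), set()),
    }
    if mode not in scopes:
        raise ValueError(f"unknown KillMode: {mode!r}")
    term, kill_scope = scopes[mode]
    killed = kill_scope & set(survivors)
    return {"SIGTERM": sorted(term), "SIGKILL": sorted(killed),
            "left_running": sorted(set(survivors) - killed)}

# Constructed scenario: PID 100 is systemd-nspawn, 101 the container's init,
# 102 and 103 container processes that the init failed to clean up.
UNIT = "[Unit]\nDescription=constructed container unit\n[Service]\nKillMode=process\n"
DROPIN = "[Service]\nKillMode=mixed\n"
MAIN, CGROUP, STRAYS = 100, [101, 102, 103], [102, 103]

def compare():
    return {m: stop_signals(m, MAIN, CGROUP, STRAYS)
            for m in ("process", "control-group", "mixed")}

if __name__ == "__main__":
    print("effective:", effective_kill_mode(UNIT, DROPIN))
    for mode, result in compare().items():
        print(f"{mode:14} {result}")
```
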

