[systemd-devel] Controlling user processes with systemd+cgroups
Lennart Poettering
lennart at poettering.net
Sun Sep 6 07:14:13 PDT 2015
On Thu, 03.09.15 14:57, Benjamin Rose (benrose at math.princeton.edu) wrote:
> As far as I can tell, systemd-logind when included through PAM, only makes a
> cgroup like "user-<uid>" under the user slice. But I am looking to make this
> based not only on user ID, but also group ID. Is there any way to achieve
> all of this within systemd?
This is currently not possible, but certainly something we'd like to
cover eventually. The way we'd like to see this implemented someday
though is through an extensible user database that actually would
allow us to attach slice information to a user directly.
Currently, because we have no way to store nicely for each user which
slice it shall be attached to we will attach all logged in users to
the same "user.slice". In an ideal world, where the user database is
synchronized from an LDAP server the slice information belongs onto
the LDAP server as well. However, there's no commonly accepted
implementation and API for this on Linux, which we could use to query
such an additional user field from logind.
Ultimately our goal is that you build your tree of slices, and then
freely attach users, services, containers, VMs to these slices at the
places you want them. You can already do that nicely for services and
containers (at least for nspawn containers), but for users this is
really missing.
Sorry,
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list