[systemd-devel] Antw: Re: Antw: Re: failing unmounts during reboot
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Mon Jul 29 12:05:38 UTC 2019
>>> Lennart Poettering <lennart at poettering.net> wrote on 29.07.2019 at 13:53 in message <20190729115308.GA19185 at gardel-login>:
> On Mon, 29.07.19 08:17, Ulrich Windl (Ulrich.Windl at rz.uni-regensburg.de) wrote:
>
>> >> What this "solution" fails to see is that any user can start a
>> >> process that may prevent clean unmount. It's completely far away
>> >> from reality to believe that such a user will write (or even know
>> >> how to write) a systemd service!
>> >
>> > We automatically kill all unpriv user programs on shutdown.
>>
>> Which part of systemd does that? And is that "rather new"?
>
> PID 1 does that. All sessions are managed as so-called "scope" units
> by PID 1, that's why they show up in "systemctl -t scope". These scope
> units are ordered so that they are terminated before the system goes
> down. For example, I am currently logged in as session "1" on my
> machine, hence:
>
> <snip>
> $ systemctl cat session-1.scope
> # /run/systemd/transient/session-1.scope
> # This is a transient unit file, created programmatically via the systemd API. Do not edit.
> [Scope]
> Slice=user-1000.slice
>
> [Unit]
> Description=Session 1 of user lennart
> Wants=user-runtime-dir@1000.service
> Wants=user@1000.service
> After=systemd-logind.service
> After=systemd-user-sessions.service
> After=user-runtime-dir@1000.service
> After=user@1000.service
> RequiresMountsFor=/home/lennart
>
> [Scope]
> SendSIGHUP=yes
> TasksMax=infinity
> </snip>
>
> Key here is that these scope units are ordered after
> systemd-user-sessions.service, which also means they are terminated
> before that service is terminated (since in systemd the shutdown order
> is always the inverse of the startup order).

I'm afraid the original answer was wrong: "We automatically kill all unpriv
user programs on shutdown."
If a user started a process outside of systemd, systemd does not list that.
I'm also surprised how _few_ scopes are being shown:

# systemctl -t scope --all
UNIT               LOAD   ACTIVE SUB       DESCRIPTION
init.scope         loaded active running   System and Service Manager
session-178.scope  loaded active abandoned Session 178 of user windl
session-3180.scope loaded active running   Session 3180 of user windl

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

3 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.

Where is the rest?
Also, the "abandoned" session has a process that is very much active:

# cat /proc/16413/cgroup
12:freezer:/
11:hugetlb:/
10:rdma:/
9:cpuset:/
8:memory:/
7:devices:/user.slice
6:perf_event:/
5:pids:/user.slice/user-1025.slice/session-178.scope
4:net_cls,net_prio:/
3:cpu,cpuacct:/
2:blkio:/
1:name=systemd:/user.slice/user-1025.slice/session-178.scope

I still fail to understand.

Regards,
Ulrich Windl
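
The /proc/16413/cgroup listing in the message above can be read mechanically: the name=systemd line (or the "0::" line on cgroup v2) carries the systemd cgroup path, and the component directly below user-UID.slice is the session scope or user@UID.service that contains the process. The shell functions below are an added example, not part of the thread; the function names are made up for illustration, and the cgroup v2 fallback goes beyond the listing shown.

```shell
#!/bin/sh
# Added example (not from the thread): resolve /proc/<pid>/cgroup content to
# the logind unit (session scope or user@ service) that contains the process.

# Read /proc/<pid>/cgroup text on stdin, print the systemd cgroup path.
# Uses the name=systemd hierarchy (cgroup v1/hybrid), else the unified "0::" line.
systemd_cgroup_path() {
    awk -F: '
        # Rejoin fields 3..NF: unit names are allowed to contain ":".
        function path(   i, p) { p = $3; for (i = 4; i <= NF; i++) p = p ":" $i; return p }
        $2 == "name=systemd"  { v1 = path() }
        $1 == "0" && $2 == "" { v2 = path() }
        END { if (v1 != "") print v1; else if (v2 != "") print v2; else exit 1 }'
}

# Print "UID UNIT" for a process below user-UID.slice, where UNIT is the cgroup
# directly under that slice. Exit status 1 if the process is not in a user slice.
login_unit() {
    systemd_cgroup_path | awk -F/ '
        { for (i = 1; i < NF; i++)
              if ($i ~ /^user-[0-9]+\.slice$/) {
                  uid = $i; sub(/^user-/, "", uid); sub(/\.slice$/, "", uid)
                  print uid, $(i + 1); found = 1; exit
              } }
        END { exit !found }'
}

# Sample input: lines copied from the /proc/16413/cgroup listing in the message.
sample_cgroup() {
    cat <<'EOF'
7:devices:/user.slice
5:pids:/user.slice/user-1025.slice/session-178.scope
4:net_cls,net_prio:/
1:name=systemd:/user.slice/user-1025.slice/session-178.scope
EOF
}

sample_cgroup | login_unit    # on a live system: login_unit < /proc/16413/cgroup
```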