[systemd-devel] how to prevent systemd-logind from moving process to other cgroups when executing su command

Lennart Poettering lennart at poettering.net
Tue May 25 16:27:59 UTC 2021


On Tue, 25.05.21 22:23, 吾为男子 (csrenren at qq.com) wrote:

> Systemd provides pam_systemd.so for the PAM module, and for many
> commands, such as the su command, pam_systemd.so will be called and the
> process will be moved to the cgroup that systemd manages.
>
> Generally, if we move the bash process from its related session
> cgroup created by systemd under /sys/fs/cgroup/systemd/user.slice to
> some other cgroup, then systemd will move the new bash process into
> a new group named as session-cxxxx.scope under
> /sys/fs/cgroup/systemd/user.slice after executing su command.
>
> We would like to manage the cgroups for a set of processes created
> by ourselves. How can we prevent systemd from doing such routines, without
> disabling pam_systemd in the PAM module?

This is simply not supported by systemd. If you use systemd then it is
systemd that manages the cgroup tree for you. You may request a
delegated subtree you can manage your own stuff in, but the top-level
of the tree is always owned and controlled by systemd and if you
interfere with it, you get to keep the pieces.

This is explained here:

https://systemd.io/CGROUP_DELEGATION

Sorry if this is disappointing,

Lennart

--
Lennart Poettering, Berlin
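
As an added example (not part of the original thread, and not systemd's own code), this Python helper reads the `/proc/<pid>/cgroup` format and reports whether a process sits in a logind session scope, inside a unit whose subtree was delegated to you, or somewhere else in the tree. The unit name `myworkload.service`, the `/mygroup` path and all sample lines are constructed for illustration.

```python
import re

# logind session scopes; the question reports the "c"-prefixed form after su.
SESSION_RE = re.compile(r"^session-(c?\d+)\.scope$")

def systemd_cgroup_path(proc_cgroup_text):
    """Return the cgroup path systemd tracks, from /proc/<pid>/cgroup text.

    Each line is "hierarchy-id:controllers:path". On cgroup v1 systemd uses
    the named hierarchy "name=systemd"; on the unified hierarchy it is "0::path".
    """
    unified = None
    for line in proc_cgroup_text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # skip malformed or empty lines
        hier_id, controllers, path = parts
        if controllers == "name=systemd":
            return path
        if hier_id == "0" and controllers == "":
            unified = path
    return unified

def classify(proc_cgroup_text, delegated_unit=None):
    """Classify a process as 'delegated', 'session', 'other' or 'unknown'."""
    path = systemd_cgroup_path(proc_cgroup_text)
    if path is None:
        return ("unknown", None)
    components = [c for c in path.split("/") if c]
    if delegated_unit and delegated_unit in components:
        return ("delegated", path)
    if "user.slice" in components:
        for c in components:
            m = SESSION_RE.match(c)
            if m:
                return ("session", m.group(1))
    return ("other", path)

# Constructed samples (not captured from a real host).
MOVED_BY_HAND = "4:memory:/mygroup\n1:name=systemd:/mygroup\n"
AFTER_SU = "4:memory:/mygroup\n1:name=systemd:/user.slice/user-0.slice/session-c7.scope\n"
DELEGATED = "0::/system.slice/myworkload.service/job1\n"

if __name__ == "__main__":
    for name, text in [("moved", MOVED_BY_HAND), ("after su", AFTER_SU)]:
        print(name, classify(text))
    print("delegated", classify(DELEGATED, "myworkload.service"))
```

On a live host, pass the contents of `/proc/<pid>/cgroup` for the process in question to `classify()`.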

