[systemd-devel] systemd-run --user when lingering is disabled.

Lennart Poettering lennart at poettering.net
Mon Sep 9 12:22:27 UTC 2024


On Mo, 09.09.24 13:12, Steve Traylen (steve.traylen at cern.ch) wrote:

>
> Example with lingering **disabled**
>
> root>  systemd-run  --service-type=exec   --user  --machine eric@.host
> /usr/bin/sleep 1m
>
> With this
>
> The systemd --user instance is started for Eric and also the sleep is
> started.
>
> However after < 10 seconds or so the transient unit and user service is all
> shutdown taking the sleep with it.
>
> Logs:
>
> Sep 09 12:54:43 fedora systemd[1]: Created slice user-1001.slice - User
> Slice of UID 1001.
> Sep 09 12:54:43 fedora systemd[1]: Starting user-runtime-dir@1001.service -
> User Runtime Directory /run/user/1001...
> Sep 09 12:54:43 fedora systemd[1]: Finished user-runtime-dir@1001.service -
> User Runtime Directory /run/user/1001.
> Sep 09 12:54:43 fedora systemd[1]: Started user@1001.service - User Manager
> for UID 1001.
>
> Sep 09 12:54:43 fedora dbus-broker-launch[5340]: Ready
> Sep 09 12:54:43 fedora systemd[5318]: Starting run-u0.service -
> /usr/bin/sleep 1m...
> Sep 09 12:54:43 fedora systemd[5318]: Started run-u0.service -
> /usr/bin/sleep 1m.
> Sep 09 12:54:43 fedora (sd-pam)[5338]: pam_selinux(login:session): Setting
> file context "unconfined_u:object_r:user_devpts_t:s0" failed for /dev/pts/1:
> Operation not permitted
> Sep 09 12:54:43 fedora systemd[1]: run-u262.service: Deactivated
> successfully.
> Sep 09 12:54:43 fedora audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-u262
> comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> res=success'
> Sep 09 12:54:43 fedora (sd-pam)[5338]: pam_unix(login:session): session
> closed for user eric
> Sep 09 12:54:43 fedora systemd[1]: session-26.scope: Deactivated
> successfully.
>
> ...
> Sep 09 12:54:53 fedora systemd[1]: Stopping user@1001.service - User Manager
> for UID 1001...
> Sep 09 12:54:53 fedora systemd[5318]: Activating special unit exit.target...
>
>
> I would have hoped the `systemd --user` instance to hang around as long as
> systemd-run sleep invocation.

Then use lingering.

By default a user's service manager is stopped after their last
session ends. (We do not act immediately on that however, but with a
10s delay, as you might notice, to optimize for cases where people
quickly log out/log back in via ssh in scripts or suchlike).

This is supposed to be a security feature to some degree: not allowing
users to consume unbounded resources on a system without actually
being logged in.

If you actually want to allow this, then enable lingering, it's
precisely the use case it is intended for.

Lennart

--
Lennart Poettering, Berlin
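
Since lingering is what lets a user's service manager, and anything started under it, outlive the last session, it helps to know which accounts have it enabled. The following is an added example, not part of the original post or of systemd: a shell audit of the marker files logind keeps under /var/lib/systemd/linger, compared against an allowlist. The function names and the allowlist file are assumptions.

```shell
#!/bin/sh
# Added example: audit which accounts have lingering enabled.
#
# "loginctl enable-linger eric" makes logind keep eric's user manager running
# without a session, so the systemd-run --user invocation from the thread
# survives. logind records this as an empty marker file named after the user.
LINGER_DIR="${LINGER_DIR:-/var/lib/systemd/linger}"

# Print one user name per line for every linger marker in directory $1.
linger_users() {
    dir="${1:-$LINGER_DIR}"
    [ -d "$dir" ] || return 0        # no directory: nobody lingers
    for f in "$dir"/*; do
        [ -f "$f" ] || continue      # also skips the unexpanded glob
        basename "$f"
    done
}

# Print lingering users that are not listed in allowlist file $2
# (hypothetical format: one user name per line, exact match).
# Returns 1 if any unapproved user is found, 0 otherwise.
unapproved_linger() {
    dir="$1"
    allow="$2"
    # A missing or unreadable allowlist approves nobody (fail closed).
    [ -r "$allow" ] || allow=/dev/null
    found=$(linger_users "$dir" | grep -vxF -f "$allow" || true)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}
```

An unapproved account can be reverted with `loginctl disable-linger USER`.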

