systemd (Was Re: tmpfs for strategic directories)

Lennart Poettering mzerqung at 0pointer.de
Wed May 26 13:55:28 UTC 2010 

On Wed, 26.05.10 14:01, Tomasz Torcz (tomek at pipebreaker.pl) wrote:

> On Wed, May 26, 2010 at 01:26:48PM +0200, Lennart Poettering wrote:
> > > The problem we've found is that cgroups are too aggressive. They don't have a
> > > notion of sessions and count too much as being part of your service, so you end
> > > up with your screen session being counted as part of gdm.
> > 
> > 
> > The per-user cgroups are controlled via a PAM module. That way there's
> > finally a nice way how we can reliably clean up behind a user when he logs out:
> > we just kill his complete cgroup and he's gone.
> 
>   You are avoiding the question: what about screen sessions? Whole
> point of screen is to stay after logout, and by killing cgroup you
> nullify it.

Well, that depends on configuration. 

Many admins will probably like it if they have an easy control that
allows them to enforce that a user doesn't continue running processes
after he is logged out. For example, in an university network it is
probably a good idea to enforce something like that on workstation
machines.

And in other cases (i.e. central login servier) you might want to allow
screen and suchlike, i.e. processes continuing to run after the user
logged out. But then, when you delete a user you still want a nice way
to kill all his processes.

And in both cases you still might want to enforce resources limitations
on the various users. Hence grouping user processes in proper cgroups is
really useful, even if you ultimately don't enable the "kil user group
on last logout" checkbox.

So, the cgroups stuff allows you to do a lot of stuff we couldn't do
before. But that doesn't mean all of it is useful in all cases.

In systemd you can choose individually for each unit whether you want to
allow it to continue run processes on shut down, whether you want the
main process killed, the process group to be killed or the cgroup to be
killed.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the devel mailing list