On Sun, May 29, 2016 at 12:53:26PM -0600, Kevin Fenzi wrote:
So, my 2 cents...
Some questions for upstream:
* I assume killed processes are logged in the journal, but Is there
any way to have a 'permissive' version? ie, simply log what would
have been killed, but not do anything? That would be very helpful to
folks to identify things that would be affected here without
disrupting them at first. It would also allow bugs in other packages
to get fixed up.
No, the killed processes are not logged, even at debug level, afaik.
PID1 simply loops over the control cgroup and sends signals.
I see how having a 'permissive' option could be useful.
* Does 'loginctl enable-linger <user>' take effect in
session? Or do you have to start a new one? does it persist over
sessions or only affects the current/next one?
Lingering applies to the systemd
--user instance, a.k.a. systemd@.service,
not to the session. Lingering means that systemd@.service is present
even if you are not logged in. If lingering is disabled, it is started
on login, and stopped on logout of that user.
Killing processes which are part of the session (session-<n>.scope)
doesn't have anything to do directly with lingering. It is controlled by
the global KillUserProcesses= setting.
The connection between KillUserProcesses= and long-running processes is
that if KillUserProcesses=yes is set (the new default), to successfully
create a process which survives logout two steps are needed:
1. move it out of the session into a systemd --user unit,
2. make that systemd --user instance persistent, i.e. enable lingering.
Setting lingering is done over dbus, takes effect immediately, and is
persistent (/var/lib/systemd/linger/<user> is created).
Setting KillUserProcesses can be done by modifying /etc/systemd/logind.conf,
and also takes effect immediately, if systemd-logind is reloaded
* How can I tell if linger is enabled or disabled on a user?
loginctl user-status <user>
loginctl show-user -p Linger <user>
* enable-linger/disable-linger need root? So, the only way the user
exclude things is to use systemd-run?
It is controlled through polkit. There are
org.freedesktop.login1.set-user-linger which by default requires admin privileges,
org.freedesktop.login1.set-self-linger which by default allow any user
to enable lingering for themselves.
So lingering (with the default policy) requires no privileges, just
an explicit enabling.
For the Fedora side:
I agree that it should be a F25 change so things can be coordinated and
so it has higher visibility for users. This would also allow time/a
chance for working groups to decide if they want to have a per edition
default that's different from the base one.
If something like a 'permissive' mode is possible, I would think it
would be nice to move rawhide to that for now, if not, I don't feel too
strongly either way on leaving it enabled for now. (On one hand
disruption for users, on the other hand rawhide users should all be
subscribed to this list and can change the default if they wish).
If we can handle the common cases, I think this is a lovely step