Bug#846627: Debian RT: systemd v230 in backports writes incorrect transient scope

Dao Quang Minh dqminh89 at gmail.com
Fri Dec 2 18:57:00 GMT 2016


Package: systemd
Version: 230-7~bpo8+2

When systemd is instructed to run a transient unit, it writes the unit's data
to `/run/systemd/system`. systemd v230 writes this data incorrectly. Also a
side-effect of this is that `systemctl daemon-reload` then `systemctl restart
some-service` were observed to wipe some cgroup settings of containers (very
bad).

```
$ sudo systemd-run -p MemoryLimit=1024000 -p CPUShares=1024 sleep infinity
Running as unit: run-r8a3743115ea443e798f0656bc828d246.service

$ cat /run/systemd/transient/run-r8a3743115ea443e798f0656bc828d246.service
# This is a transient unit file, created programmatically via the systemd API. Do not edit.
[Unit]
Description=/bin/sleep infinity
[Service]
MemoryLimit=1024000[Service]
CPUShares=1024[Service]
ExecStart=
ExecStart=@/bin/sleep "/bin/sleep" "infinity"
```

Notice that the file is missing new lines. The same thing also happens if you
run a docker container, for example:

```
$ cat /run/systemd/transient/docker-a0cb3f641a9fc522c1ba8fca3b67ee2a82d29c1afcff3b50480713cbb4d28c05.scope
# This is a transient unit file, created programmatically via the systemd API. Do not edit.
[Scope]
Slice=system.slice
[Unit]
Description=docker container a0cb3f641a9fc522c1ba8fca3b67ee2a82d29c1afcff3b50480713cbb4d28c05
[Scope]
Delegate=yes[Scope]
MemoryAccounting=yes[Scope]
CPUAccounting=yes[Scope]
BlockIOAccounting=yes[Unit]
DefaultDependencies=no
[Scope]
MemoryLimit=10737418240[Scope]
CPUShares=1024
```

On a systemd v230 host, I can use the following script to reproduce the reset
of cgroup settings:


```
#!/bin/bash

set -e

# clean up leftovers from a previous run
rm wtf.cid || true
docker rm -f testwtf || true
wanted=10737418240
# start a container with explicit memory and CPU limits
docker run --name testwtf -d --memory $wanted --cpu-shares 1024 --cidfile wtf.cid debian:jessie sleep infinity
cid=$(cat wtf.cid)
memlimit_file="/sys/fs/cgroup/memory/system.slice/docker-$cid.scope/memory.limit_in_bytes"

current_limit=$(cat $memlimit_file)
echo "current limit: $current_limit, started"

# start looping daemon-reload
num_run=$1
for i in $(seq 1 $num_run); do
        sudo systemctl daemon-reload
        sudo systemctl restart cups
        current_limit=$(cat $memlimit_file)
        echo "current limit: $current_limit, wanted $wanted"
        if [ "$current_limit" != "$wanted" ]; then
                echo "unexpected limit, dead"
                exit 1
        fi
        sleep 0.5
done
```

This prints out:

```
testwtf
a919c8fcab91966962922c44ae86711c1cada4e38f4b7124c185e8dcbf0d8077
current limit: 10737418240, started
current limit: 9223372036854771712, wanted 10737418240
unexpected limit, dead
```

I expect it to run successfully without resetting the cgroup limit of the
container.

I suggest that we bump systemd in backports to v231 or somehow backport
relevant patches.
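
An added example, not part of the original report: a check for the missing-newline symptom shown in the unit files above, where a section header is fused onto the end of a `Key=Value` line. The function names are hypothetical, and the sample input is the `.service` unit quoted in the report.

```bash
#!/bin/bash
# Added example (not from the report): detect the missing-newline symptom,
# i.e. a "[Section]" header fused onto the end of a Key=Value line such as
# "MemoryLimit=1024000[Service]".

# Print "file:lineno:line" for each fused line in one unit file.
# Returns 0 if any fused line was found, 1 if the file looks clean.
# Heuristic: a value that legitimately ends in "[Word]" is also flagged.
find_fused_sections() {
    local file="$1"
    awk -v f="$file" '
        /^[#;]/ { next }                      # skip comment lines
        /^[A-Za-z][A-Za-z0-9]*=.*\[[A-Z][A-Za-z]*\]$/ {
            printf "%s:%d:%s\n", f, NR, $0
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$file"
}

# Scan every .service/.scope file in a directory; the default is the
# transient-unit path shown in the report. Returns 0 if anything is fused.
scan_transient_dir() {
    local dir="${1:-/run/systemd/transient}" rc=1 f
    for f in "$dir"/*.service "$dir"/*.scope; do
        [ -e "$f" ] || continue
        if find_fused_sections "$f"; then rc=0; fi
    done
    return "$rc"
}

# Sample input: the .service unit quoted in the report, one line per argument.
sample_unit() {
    printf '%s\n' \
        '# This is a transient unit file, created programmatically via the systemd API. Do not edit.' \
        '[Unit]' \
        'Description=/bin/sleep infinity' \
        '[Service]' \
        'MemoryLimit=1024000[Service]' \
        'CPUShares=1024[Service]' \
        'ExecStart=' \
        'ExecStart=@/bin/sleep "/bin/sleep" "infinity"'
}

# Usage: script.sh --scan [dir]
if [ "${1:-}" = "--scan" ]; then
    scan_transient_dir "${2:-}"
fi
```

A zero exit status from `--scan` means at least one transient unit on the host shows the fused-header pattern.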