Bug#989317: systemd kill background processes after user logs out (#825394 regression)

Michael Biebl biebl at debian.org
Tue Jun 8 19:02:16 BST 2021


On 08.06.2021 at 19:05, Matt Corallo wrote:
> 
> 
> On 6/8/21 12:31, Michael Biebl wrote:
>> On 08.06.2021 at 18:08, Matt Corallo wrote:
>>> Hmmm, with set-linger and --scope I can't seem to reproduce now 
>>> either, it's possible I had forgotten the --scope at some point while 
>>> testing set-linger before, sorry for the noise here.
>>>
>>> Still, based on my read of #825394, it seems like it should be the 
>>> case that you do not need set-linger and the default behavior should 
>>> be that things aren't automatically killed in the background? Is that 
>>> something that was an intentional change?
>>
>> Change to what exactly?
>>
>> I guess we need to differentiate between login and user sessions.
>> It's my understanding that KillUserProcesses= only affects a login 
>> session.
> 
> I admit I am definitely not a systemd expert (which I suppose should be 
> obvious by now :) ), so have no idea what this means, and systemd-run's 
> man page doesn't really elucidate it. Not Debian's or your problem, of 
> course, though.
> 
>> If you start a process as part of a user session (which is what 
>> systemd-run --user does), ending that user session will stop that 
>> process.
> 
> Is there an alternate way to run things that lxc should instead be 
> recommending? In my interactions with the lxc folks it seems this 
> workaround is only relevant for Debian bullseye, so maybe other distros 
> are patching systemd or changing cgroup settings such that interacting 
> with systemd isn't required.

Are you sure? Which distros are those? Which exact version of that distro?

> Similar to the discussion in 825394, having daemons spontaneously 
> killed is incredibly surprising, maybe it makes sense to enable-linger 
> by default?

That's not a good idea I think.
Starting long running daemons from a user session is not the norm, I'd 
argue.

>> Did you use systemd-run in buster to start your lxc containers?
>> You need to be very explicit, otherwise I can only guess what exactly 
>> you were/are doing.
> 
> No, but also didn't need to, it's only with bullseye that (systemd's ?) 
> cgroup settings prevent direct calls to lxc-start, which is what makes 
> the whole thing such a mess - one cannot simply call lxc functions 
> anymore because systemd gets in the way. Using systemd for this, sadly, 
> is an exercise in puzzling through man pages and lack of documentation 
> for how to do any of this (half of the lxc docs for how to do this are 
> because I had to ask lxc maintainers how to do basic lxc things with 
> bullseye).

bullseye changed to cgroupv2 (see systemd's NEWS entry [1]). Other 
distros (like Fedora) made that switch a while ago.

Maybe the best that can be done here is to document in lxc's 
README.Debian, that if you use unprivileged containers and you use 
systemd-run, you should also use linger if you want those daemons to 
persist.

In any case, I'm not sure there remains anything to be done on the 
systemd side. Afaics, everything behaves as documented.


Michael

[1] 
https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/systemd.NEWS#L1
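
As an added illustration of the recommendation at the end of this message (not part of the original e-mail, and not code from lxc or systemd): a dry-run shell helper that reads `loginctl show-user` property output and prints the commands needed so that a container started with `systemd-run --user --scope` persists after logout. The user name `alice`, the container name `c1`, the `--live` switch and the `-p Delegate=yes` property are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. "c1" is a placeholder container name.

# Read `loginctl show-user` property lines (KEY=VALUE) on stdin.
# Succeeds only when the Linger property is present and set to "yes".
linger_enabled() {
    while IFS='=' read -r key value || [ -n "$key" ]; do
        if [ "$key" = "Linger" ]; then
            [ "$value" = "yes" ]
            return
        fi
    done
    return 1   # property absent: treat the user as not lingering
}

# Print the command that starts a container in a transient scope of the
# user's systemd instance (the systemd-run --user --scope form from the thread).
lxc_scope_cmd() {
    printf 'systemd-run --user --scope -p Delegate=yes -- lxc-start -n %s\n' "$1"
}

# Given property text on stdin, print the steps for user $1 and container $2.
# Lingering is enabled first when it is not already on, so the scope is
# not stopped when the user's last session ends.
plan_for_user() {
    if ! linger_enabled; then
        printf 'loginctl enable-linger %s\n' "$1"
    fi
    lxc_scope_cmd "$2"
}

# Live use: query logind for the current user and print the plan.
if [ "${1:-}" = "--live" ]; then
    user=$(id -un)
    loginctl show-user "$user" --property=Linger | plan_for_user "$user" c1
fi
```

Nothing is executed against systemd unless the script is called with `--live`, and even then it only prints the commands for review.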
