diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-04-13 23:24:47 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-04-13 23:29:59 +0200 |
commit | ecedd90fcdf647f9a7b56b4934b65e30b2979b04 (patch) | |
tree | 6e8bc8e509801a7c3801c1e77244df6dec72ac1c /src/core/socket.c | |
parent | 3b6d9a7c50bd7217a0ca80d39fd30decbb0c935a (diff) | |
download | systemd-ecedd90fcdf647f9a7b56b4934b65e30b2979b04.tar.gz |
service: place control command in subcgroup control/
Previously, we were brutally and onconditionally killing all processes
in a service's cgroup before starting the service anew, in order to
ensure that StartPre lines cannot be misused to spawn long-running
processes.
On logind-less systems this has the effect that restarting sshd
necessarily calls all active ssh sessions, which is usually not
desirable.
With this patch control processes for a service are placed in a
sub-cgroup called "control/". When starting a service anew we simply
kill this cgroup, but not the main cgroup, in order to avoid killing any
long-running non-control processes from previous runs.
https://bugzilla.redhat.com/show_bug.cgi?id=805942
Diffstat (limited to 'src/core/socket.c')
-rw-r--r-- | src/core/socket.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/core/socket.c b/src/core/socket.c index 37a0236156..a439717651 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -1150,6 +1150,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { UNIT(s)->manager->confirm_spawn, UNIT(s)->cgroup_bondings, UNIT(s)->cgroup_attributes, + NULL, &pid); strv_free(argv); @@ -1240,7 +1241,8 @@ static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) { if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0) goto fail; - if ((r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set)) < 0) { + r = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, sig, true, pid_set, NULL); + if (r < 0) { if (r != -EAGAIN && r != -ESRCH && r != -ENOENT) log_warning("Failed to kill control group: %s", strerror(-r)); } else if (r > 0) @@ -2127,7 +2129,8 @@ static int socket_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError goto finish; } - if ((q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set)) < 0) + q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, pid_set, NULL); + if (q < 0) if (q != -EAGAIN && q != -ESRCH && q != -ENOENT) r = q; } |