From a8b993dc11319292c54b301f3faffc4a05ab5ec1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 21 Apr 2023 18:22:35 +0200
Subject: core: add DelegateSubgroup= setting

This implements a minimal subset of #24961, but in a lot more restrictive way: we only allow one level of subcgroup (as that's enough to address the no-processes in inner cgroups rule), and does not change anything about threaded cgroup logic or similar, or make any of this new behaviour mandatory.

All this does is this: all non-control processes we invoke for a unit we'll invoke in a subgroup by the specified name.

We'll later port all our current services that use cgroup delegation over to this, i.e. user@.service, systemd-nspawn@.service and systemd-udevd.service.
---
man/org.freedesktop.systemd1.xml | 28 ++++++++++++++++++++++++++++
man/systemd.resource-control.xml | 32 ++++++++++++++++++++++++++++----
2 files changed, 56 insertions(+), 4 deletions(-)
(limited to 'man')

diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index e462c60636..f2e892671a 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -2713,6 +2713,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly as DelegateControllers = ['...', ...];
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly s DelegateSubgroup = '...';
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly b CPUAccounting = ...;
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly t CPUWeight = ...;
@@ -3942,6 +3944,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
+
+
@@ -4544,6 +4548,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
 memory controller is reached. It will take into consideration limits on all parent slices, other than the limits set on the unit itself.
+ DelegateSubgroup contains the cgroup subgroup to place invoked unit processes
+ in. As configured by the option of the same name in unit files. This is set to the empty string when it
+ does not apply or no subgroup has been configured.
+
 RuntimeDirectorySymlink, StateDirectorySymlink, CacheDirectorySymlink and LogsDirectorySymlink respectively implement the destination parameter of the unit files settings RuntimeDirectory,
@@ -4715,6 +4723,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly as DelegateControllers = ['...', ...];
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly s DelegateSubgroup = '...';
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly b CPUAccounting = ...;
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly t CPUWeight = ...;
@@ -5936,6 +5946,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
+
+
@@ -6588,6 +6600,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly as DelegateControllers = ['...', ...];
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly s DelegateSubgroup = '...';
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly b CPUAccounting = ...;
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly t CPUWeight = ...;
@@ -7655,6 +7669,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
+
+
@@ -8434,6 +8450,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly as DelegateControllers = ['...', ...];
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly s DelegateSubgroup = '...';
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly b CPUAccounting = ...;
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly t CPUWeight = ...;
@@ -9473,6 +9491,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
+
+
@@ -10111,6 +10131,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly as DelegateControllers = ['...', ...];
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly s DelegateSubgroup = '...';
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly b CPUAccounting = ...;
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly t CPUWeight = ...;
@@ -10456,6 +10478,8 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
+
+
@@ -10656,6 +10680,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly as DelegateControllers = ['...', ...];
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
+ readonly s DelegateSubgroup = '...';
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly b CPUAccounting = ...;
 @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
 readonly t CPUWeight = ...;
@@ -11051,6 +11077,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
+
+
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index f4e4a492a0..610c11feb3 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -1148,10 +1148,11 @@ DeviceAllow=/dev/loop-control
 Delegate=
- Turns on delegation of further resource control partitioning to processes of the unit. Units where this
- is enabled may create and manage their own private subhierarchy of control groups below the control group of
- the unit itself. For unprivileged services (i.e. those using the User= setting) the unit's
- control group will be made accessible to the relevant user.
+ Turns on delegation of further resource control partitioning to processes of the unit. Units
+ where this is enabled may create and manage their own private subhierarchy of control groups below
+ the control group of the unit itself. For unprivileged services (i.e. those using the
+ User= setting) the unit's control group will be made accessible to the relevant
+ user.
 When enabled the service manager will refrain from manipulating control groups or moving processes below the unit's control group, so that a clear concept of ownership is established: the
@@ -1188,6 +1189,29 @@ DeviceAllow=/dev/loop-control
+
+ DelegateSubgroup=
+
+
+ Place unit processes in the specified subgroup of the unit's control group. Takes a valid
+ control group name (not a path!) as parameter, or an empty string to turn this feature
+ off. Defaults to off. The control group name must be usable as filename and avoid conflicts with
+ the kernel's control group attribute files (i.e. cgroup.procs is not an
+ acceptable name, since the kernel exposes a native control group attribute file by that name). This
+ option has no effect unless control group delegation is turned on via Delegate=,
+ see above. Note that this setting only applies to "main" processes of a unit, i.e. for services to
+ ExecStart=, but not for ExecReload= and similar. If
+ delegation is enabled, the latter are always placed inside a subgroup named
+ .control. The specified subgroup is automatically created (and potentially
+ ownership is passed to the unit's configured user/group) when a process is started in it.
+
+ This option is useful to avoid manually moving the invoked process into a subgroup after it
+ has been started. Since no processes should live in inner nodes of the control group tree it's
+ almost always necessary to run the main ("supervising") process of a unit that has delegation
+ turned on in a subgroup.
+
+
+
 DisableControllers=
--
cgit v1.2.1