Bug 1729486

Summary: not all processes are tracked via cgroup
Product: Red Hat Enterprise Linux 7 Reporter: Ondrej <ondrej.valousek>
Component: systemdAssignee: systemd-maint
Status: CLOSED NOTABUG QA Contact: Frantisek Sumsal <fsumsal>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: dtardon, jsynacek, systemd-maint-list
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-17 08:17:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondrej 2019-07-12 11:58:11 UTC 
Description of problem:
I a simple script which starts 3 daemons. Each commands immediately becomes a daemon and detaches (so PPID of each is "1"):

#!/bin/bash
daemon1
daemon2
daemon3
sleep forever


which I start via systemd. Starting works fine

systemctl start myservice
and see all 3 daemons are running

however, "systemctl status myservice" only shows PID of the shell above.
Also "systemctl stop myservice" does not do anything at all


Version-Release number of selected component (if applicable):
systemd-219-62.el7_6.7.x86_64

How reproducible:
always

Actual results:
deamons started from a custom script are not tracked via cgroup

Expected results:
"systemctl status" should also display PIDs of the detached daemons
"systemctl stop" should send SIGKILL to all processes started from my script
Comment 2 Ondrej 2019-07-12 12:11:54 UTC 
right. I know the answer.
It happens because I start the daemons via:
su <service_user> -c command1
su <service_user> -c command2
su <service_user> -c command3

Once I introduced "User=service_user" in my unit file and got rid of the "su", it all started working as I expected.
So it looks like there is a way for a process to escape from a cgroup it was started in, right?
Comment 3 David Tardon 2019-07-17 08:17:41 UTC 
su opens (via pam_systemd.so) a new scope under the user's slice; every process started by su will run in that scope. So it works as expected.