1729486 – not all processes are tracked via cgroup

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1729486 - not all processes are tracked via cgroup

Summary: not all processes are tracked via cgroup

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	systemd
Sub Component:
Version:	7.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	systemd-maint
QA Contact:	Frantisek Sumsal
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-07-12 11:58 UTC by Ondrej
Modified:	2019-07-17 08:17 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-07-17 08:17:41 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Ondrej 2019-07-12 11:58:11 UTC

Description of problem:
I a simple script which starts 3 daemons. Each commands immediately becomes a daemon and detaches (so PPID of each is "1"):

#!/bin/bash
daemon1
daemon2
daemon3
sleep forever


which I start via systemd. Starting works fine

systemctl start myservice
and see all 3 daemons are running

however, "systemctl status myservice" only shows PID of the shell above.
Also "systemctl stop myservice" does not do anything at all


Version-Release number of selected component (if applicable):
systemd-219-62.el7_6.7.x86_64

How reproducible:
always

Actual results:
deamons started from a custom script are not tracked via cgroup

Expected results:
"systemctl status" should also display PIDs of the detached daemons
"systemctl stop" should send SIGKILL to all processes started from my script

Comment 2 Ondrej 2019-07-12 12:11:54 UTC

right. I know the answer.
It happens because I start the daemons via:
su <service_user> -c command1
su <service_user> -c command2
su <service_user> -c command3

Once I introduced "User=service_user" in my unit file and got rid of the "su", it all started working as I expected.
So it looks like there is a way for a process to escape from a cgroup it was started in, right?

Comment 3 David Tardon 2019-07-17 08:17:41 UTC

su opens (via pam_systemd.so) a new scope under the user's slice; every process started by su will run in that scope. So it works as expected.

Note You need to log in before you can comment on or make changes to this bug.