Bug 1729486 - not all processes are tracked via cgroup
Summary: not all processes are tracked via cgroup
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: systemd-maint
QA Contact: Frantisek Sumsal
Depends On:
TreeView+ depends on / blocked
Reported: 2019-07-12 11:58 UTC by Ondrej
Modified: 2019-07-17 08:17 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-07-17 08:17:41 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Ondrej 2019-07-12 11:58:11 UTC
Description of problem:
I a simple script which starts 3 daemons. Each commands immediately becomes a daemon and detaches (so PPID of each is "1"):

sleep forever

which I start via systemd. Starting works fine

systemctl start myservice
and see all 3 daemons are running

however, "systemctl status myservice" only shows PID of the shell above.
Also "systemctl stop myservice" does not do anything at all

Version-Release number of selected component (if applicable):

How reproducible:

Actual results:
deamons started from a custom script are not tracked via cgroup

Expected results:
"systemctl status" should also display PIDs of the detached daemons
"systemctl stop" should send SIGKILL to all processes started from my script

Comment 2 Ondrej 2019-07-12 12:11:54 UTC
right. I know the answer.
It happens because I start the daemons via:
su <service_user> -c command1
su <service_user> -c command2
su <service_user> -c command3

Once I introduced "User=service_user" in my unit file and got rid of the "su", it all started working as I expected.
So it looks like there is a way for a process to escape from a cgroup it was started in, right?

Comment 3 David Tardon 2019-07-17 08:17:41 UTC
su opens (via pam_systemd.so) a new scope under the user's slice; every process started by su will run in that scope. So it works as expected.

Note You need to log in before you can comment on or make changes to this bug.