Bug 1729486 - not all processes are tracked via cgroup
Summary: not all processes are tracked via cgroup
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd
Version: 7.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: systemd-maint
QA Contact: Frantisek Sumsal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-12 11:58 UTC by Ondrej
Modified: 2019-07-17 08:17 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-17 08:17:41 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Ondrej 2019-07-12 11:58:11 UTC
Description of problem:
I a simple script which starts 3 daemons. Each commands immediately becomes a daemon and detaches (so PPID of each is "1"):

#!/bin/bash
daemon1
daemon2
daemon3
sleep forever


which I start via systemd. Starting works fine

systemctl start myservice
and see all 3 daemons are running

however, "systemctl status myservice" only shows PID of the shell above.
Also "systemctl stop myservice" does not do anything at all


Version-Release number of selected component (if applicable):
systemd-219-62.el7_6.7.x86_64

How reproducible:
always

Actual results:
deamons started from a custom script are not tracked via cgroup

Expected results:
"systemctl status" should also display PIDs of the detached daemons
"systemctl stop" should send SIGKILL to all processes started from my script

Comment 2 Ondrej 2019-07-12 12:11:54 UTC
right. I know the answer.
It happens because I start the daemons via:
su <service_user> -c command1
su <service_user> -c command2
su <service_user> -c command3

Once I introduced "User=service_user" in my unit file and got rid of the "su", it all started working as I expected.
So it looks like there is a way for a process to escape from a cgroup it was started in, right?

Comment 3 David Tardon 2019-07-17 08:17:41 UTC
su opens (via pam_systemd.so) a new scope under the user's slice; every process started by su will run in that scope. So it works as expected.


Note You need to log in before you can comment on or make changes to this bug.