[Bug 1132462] New: Setting KillUserProcesses=yes w/o effect
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 Bug ID: 1132462 Summary: Setting KillUserProcesses=yes w/o effect Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: piny@gmx.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Setting KillUserProcesses=yes in /etc/systemd/logind.conf does not effect user processes to be killed on logout. Example: Create new user, login, logout, check for surviving processes: # useradd -m charly # passwd charly (lock screen) (switch user - start new session - different user) (login as charly - logout) (return to inital session) # ps -u charly PID TTY TIME CMD 6996 ? 00:00:00 baloo_file # userdel -r charly userdel: user charly is currently used by process 6996 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c8 --- Comment #8 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #7)
(In reply to Pi Ny from comment #6)
peter@nue-p1:~> sudo ps -u charly [sudo] password for root: PID TTY TIME CMD 3927 ? 00:00:00 screen 3928 pts/3 00:00:00 bash
(-> session survived logout!)
It works as expected here, the session is cleared after following your test case.
Are you sure you set KillUserProcesses=yes for "nue-p1" ?
just to be sure: nue-p1:~ # grep -v "^#" /etc/systemd/logind.conf [Login] KillUserProcesses=yes KillExcludeUsers=root -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c9 --- Comment #9 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #7)
It works as expected here, the session is cleared after following your test case.
From what I understand about the purpose of `screen` I would expect it to survive a logout after being detached from a terminal.
So, if `screen` finds a mechanism to survive the systemd-setting to kill all user processes on logout, could this `baloo_file` make use of a similar mechanism? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c10 --- Comment #10 from Franck Bui <fbui@suse.com> --- (In reply to Pi Ny from comment #9)
From what I understand about the purpose of `screen` I would expect it to survive a logout after being detached from a terminal.
Correct but if KillUserProcesses=yes then it should be killed anyway.
So, if `screen` finds a mechanism to survive the systemd-setting to kill all user processes on logout, could this `baloo_file` make use of a similar mechanism?
I don't think so, the fact that in your case screen survives from a logout with KillUserProcesses=yes is unexpected and shouldn't happen. BTW why did you use a "circular ssh sessions" (your words) ? Can you still recreate your issue with a "direct" ssh login ? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c11 --- Comment #11 from Pi Ny <piny@gmx.com> --- Created attachment 804200 --> http://bugzilla.opensuse.org/attachment.cgi?id=804200&action=edit test case no. 3 -- You are receiving this mail because: You are on the CC list for the bug.
Can you still recreate your issue with a "direct" ssh login ?
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c12 --- Comment #12 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #10) please refer to the attachment test case no. 3. result appears to be the same? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c13 --- Comment #13 from Franck Bui <fbui@suse.com> ---
From your logs:
charly@nue-p1:~> screen -S TstSess02 (terminal clears) charly@nue-p1:~> screen -ls There is a screen on: 30023.TstSess03 (Attached) There is something wrong here: you asked the screen session to be named "TstSess02" but it was named "TstSess03"... that's weird. Can you do this test again with the debug logs enabled ? You need to reboot and add to the kernel command line the following option: "debug printk.devkmsg=on". Once your testing is complete please *attach* the ouput of "journalctl -b -oshort-monotonic". -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c14 --- Comment #14 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #13)
There is something wrong here: you asked the screen session to be named "TstSess02" but it was named "TstSess03"... that's weird. I apologize for this misleading log. In order to rerun the session as close a possible I copy/pasted commands, comments and results between windows. There I seem to have missed such a 02-03 change - sorry. Nevertheless the log should reflect the behavior.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c15 --- Comment #15 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #13)
Can you do this test again with the debug logs enabled ?
You need to reboot and add to the kernel command line the following option: "debug printk.devkmsg=on".
Once your testing is complete please *attach* the ouput of "journalctl -b -oshort-monotonic".
I am off site for the rest of the week so have no second machine availiable to do this remote logon task - sorry. I will repeat the test as indicated next weekend! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c16 --- Comment #16 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #13)
Can you do this test again with the debug logs enabled ?
You need to reboot and add to the kernel command line the following option: "debug printk.devkmsg=on".
Once your testing is complete please *attach* the ouput of "journalctl -b -oshort-monotonic".
Please find attached the log of the session <<issue_systemd-logout_2019-05-12>> as well as the requested <<journalctl_-b_-oshort-monotonic.log>> -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c17 --- Comment #17 from Pi Ny <piny@gmx.com> --- Created attachment 804824 --> http://bugzilla.opensuse.org/attachment.cgi?id=804824&action=edit issue_systemd-logout_2019-05-12 session log -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c18 --- Comment #18 from Pi Ny <piny@gmx.com> --- Created attachment 804825 --> http://bugzilla.opensuse.org/attachment.cgi?id=804825&action=edit journalctl_-b_-oshort-monotonic.log output of `journalctl -b_-oshort-monotonic` -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c19 --- Comment #19 from Franck Bui <fbui@suse.com> --- Thanks.
From the logs you provided:
[ 467.018796] nue-p1.nue.private systemd[1]: Got message type=method_call sender=:1.4 destination=org.freedesktop.systemd1 object=session_2d4_2escope interface=Scope member=Abandon cookie=144 reply_cookie=0 error=n/a [ 467.019310] nue-p1.nue.private systemd[1]: session-4.scope: cgroup is empty [ 467.019481] nue-p1.nue.private systemd[1]: session-4.scope changed running -> dead [ 467.019650] nue-p1.nue.private systemd[1]: session-4.scope: Failed to destroy cgroup /user.slice/user-1002.slice/session-4.scope, ignoring: Device or resource busy
For some reasons the session scope appears to be empty whereas it should contain at least the screen process as well as the shell used to spawn screen... Can you inspect the session status before logging out ? So after:
charly@nue-p1:~> loginctl SESSION UID USER SEAT TTY 4 1002 charly 1 481 sddm seat0
2 sessions listed. charly@nue-p1:~> screen -S TstSess04
(terminal clears)
can you run "loginctl session-status 4" and show the ouptut ? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c20 --- Comment #20 from Franck Bui <fbui@suse.com> --- BTW which version of systemd are you using ? (rpm -q systemd) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c21 --- Comment #21 from Pi Ny <piny@gmx.com> --- Created attachment 805438 --> http://bugzilla.opensuse.org/attachment.cgi?id=805438&action=edit session log 2019-05-19 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c22 --- Comment #22 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #19)
can you run "loginctl session-status 4" and show the ouptut ?
The output (here it is session 3) is ``` charly@nue-p1:~> loginctl session-status 3 3 - charly (1002) Since: Sun 2019-05-19 23:45:21 CEST; 2min 58s ago Leader: 2575 (sshd) Remote: 10.149.84.103 Service: sshd; type tty; class user State: active Unit: session-3.scope ├─2575 sshd: charly [priv] ├─2584 sshd: charly@pts/0 ├─2585 -bash ├─2628 screen -S TstSess05 ├─2629 SCREEN -S TstSess05 ├─2630 /bin/bash ├─2657 loginctl session-status 3 └─2658 less ``` (please refer to attachment [issue_systemd-logout_2019-05-19](<https://bugzilla.opensuse.org/attachment.cgi?id=805438>)) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c23 --- Comment #23 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #20)
BTW which version of systemd are you using ? (rpm -q systemd)
nue-p1:~ # rpm -q systemd systemd-234-lp150.20.15.1.x86_64 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c24 --- Comment #24 from Franck Bui <fbui@suse.com> --- Could you try to run your test with "systemd.legacy_systemd_cgroup_controller" appended to the kernel command line and see if it helps ? BTW you did a typo when you added "printk.devkmsg=on" option. Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c25 --- Comment #25 from Franck Bui <fbui@suse.com> --- Can you also please show the backtrace when systemd is calling scope_notify_cgroup_empty_event() ? In order to do so, please install "gdb" then run your test again (without "systemd.legacy_systemd_cgroup_controller") but before logging out from the session which has screen please start gdb as root in another terminal and do: $ gdb -p 1 $ b scope_notify_cgroup_empty_event $ c Get back to the other terminal and log out. Gdb should stop at the breakpoint. If so please run the command "bt" in gdb and show the output. Before quitting gdb, show the content of the follwoing files (you'll need another terminal): /sys/fs/cgroup/unified/user.slice/user-<X>.slice/session-<Y>.scope/cgroup.events /sys/fs/cgroup/unified/user.slice/user-<X>.slice/session-<Y>.scope/cgroup.procs where: X is the uid of the user that started screen Y is the session number where screen was started from You can then quit gdb by entering "q" in gdb. Thanks ! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c26 --- Comment #26 from Pi Ny <piny@gmx.com> --- Created attachment 805886 --> http://bugzilla.opensuse.org/attachment.cgi?id=805886&action=edit session log 2019-05-23 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c27 --- Comment #27 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #24)
Could you try to run your test with "systemd.legacy_systemd_cgroup_controller" appended to the kernel command line and see if it helps ?
Yes, this helps! Please refer to <https://bugzilla.opensuse.org/attachment.cgi?id=805886> -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c28 --- Comment #28 from Franck Bui <fbui@suse.com> --- (In reply to Pi Ny from comment #27)
(In reply to Franck Bui from comment #24)
Could you try to run your test with "systemd.legacy_systemd_cgroup_controller" appended to the kernel command line and see if it helps ?
Yes, this helps!
Hmm then something went wrong with cgroup v2 for you... Can you please try to use gdb as it's described in comment #25 (please make sure to remove "systemd.legacy_systemd_cgroup_controller" option before) ? Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c29 --- Comment #29 from Pi Ny <piny@gmx.com> --- Created attachment 806588 --> http://bugzilla.opensuse.org/attachment.cgi?id=806588&action=edit session log 2019-06-01 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c30 --- Comment #30 from Pi Ny <piny@gmx.com> --- (In reply to Franck Bui from comment #28)
Can you please try to use gdb as it's described in comment #25 (please make sure to remove "systemd.legacy_systemd_cgroup_controller" option before) ?
Unfortunately the debugging failed: Excerpt from <https://bugzilla.opensuse.org/attachment.cgi?id=806588>: ``` nue-p1:~ # gdb -p 1 Attaching to process 1 ``` (then a lot of error messages like) ``` ... Reading symbols from /usr/lib/systemd/systemd...Missing separate debuginfo for /usr/lib/systemd/systemd Try: zypper install -C "debuginfo(build-id)=4d6bbcd3a70a6b0b8bc43e995e8cdd0014cc0527" (no debugging symbols found)...done. ... ``` Should I really install 20+ such special capabilities? Tried to continue anyway ``` (gdb) b scope_notify_cgroup_empty_event Function "scope_notify_cgroup_empty_event" not defined. ``` So I aborted... Pls see <https://bugzilla.opensuse.org/attachment.cgi?id=806588> for details. Pls advice. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c31 --- Comment #31 from Franck Bui <fbui@suse.com> --- (In reply to Pi Ny from comment #30)
Should I really install 20+ such special capabilities? Tried to continue anyway
No only installing the debug info for systemd should be enough. So enabling the debug repository with "zypper mr --enable repo-debug repo-source" and installing the relevant packages with "zypper in systemd-debuginfo systemd-debugsource" should do it. Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com