[Bug 1132462] New: Setting KillUserProcesses=yes w/o effect
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462 Bug ID: 1132462 Summary: Setting KillUserProcesses=yes w/o effect Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: piny@gmx.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Setting KillUserProcesses=yes in /etc/systemd/logind.conf does not effect user processes to be killed on logout. Example: Create new user, login, logout, check for surviving processes: # useradd -m charly # passwd charly (lock screen) (switch user - start new session - different user) (login as charly - logout) (return to inital session) # ps -u charly PID TTY TIME CMD 6996 ? 00:00:00 baloo_file # userdel -r charly userdel: user charly is currently used by process 6996 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c8
--- Comment #8 from Pi Ny
(In reply to Pi Ny from comment #6)
peter@nue-p1:~> sudo ps -u charly [sudo] password for root: PID TTY TIME CMD 3927 ? 00:00:00 screen 3928 pts/3 00:00:00 bash
(-> session survived logout!)
It works as expected here, the session is cleared after following your test case.
Are you sure you set KillUserProcesses=yes for "nue-p1" ?
just to be sure: nue-p1:~ # grep -v "^#" /etc/systemd/logind.conf [Login] KillUserProcesses=yes KillExcludeUsers=root -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c9
--- Comment #9 from Pi Ny
It works as expected here, the session is cleared after following your test case.
From what I understand about the purpose of `screen` I would expect it to survive a logout after being detached from a terminal.
So, if `screen` finds a mechanism to survive the systemd-setting to kill all user processes on logout, could this `baloo_file` make use of a similar mechanism? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c10
--- Comment #10 from Franck Bui
From what I understand about the purpose of `screen` I would expect it to survive a logout after being detached from a terminal.
Correct but if KillUserProcesses=yes then it should be killed anyway.
So, if `screen` finds a mechanism to survive the systemd-setting to kill all user processes on logout, could this `baloo_file` make use of a similar mechanism?
I don't think so, the fact that in your case screen survives from a logout with KillUserProcesses=yes is unexpected and shouldn't happen. BTW why did you use a "circular ssh sessions" (your words) ? Can you still recreate your issue with a "direct" ssh login ? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c11
--- Comment #11 from Pi Ny
Can you still recreate your issue with a "direct" ssh login ?
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c12
--- Comment #12 from Pi Ny
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c13
--- Comment #13 from Franck Bui
From your logs:
charly@nue-p1:~> screen -S TstSess02 (terminal clears) charly@nue-p1:~> screen -ls There is a screen on: 30023.TstSess03 (Attached) There is something wrong here: you asked the screen session to be named "TstSess02" but it was named "TstSess03"... that's weird. Can you do this test again with the debug logs enabled ? You need to reboot and add to the kernel command line the following option: "debug printk.devkmsg=on". Once your testing is complete please *attach* the ouput of "journalctl -b -oshort-monotonic". -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c14
--- Comment #14 from Pi Ny
There is something wrong here: you asked the screen session to be named "TstSess02" but it was named "TstSess03"... that's weird. I apologize for this misleading log. In order to rerun the session as close a possible I copy/pasted commands, comments and results between windows. There I seem to have missed such a 02-03 change - sorry. Nevertheless the log should reflect the behavior.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c15
--- Comment #15 from Pi Ny
Can you do this test again with the debug logs enabled ?
You need to reboot and add to the kernel command line the following option: "debug printk.devkmsg=on".
Once your testing is complete please *attach* the ouput of "journalctl -b -oshort-monotonic".
I am off site for the rest of the week so have no second machine availiable to do this remote logon task - sorry. I will repeat the test as indicated next weekend! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c16
--- Comment #16 from Pi Ny
Can you do this test again with the debug logs enabled ?
You need to reboot and add to the kernel command line the following option: "debug printk.devkmsg=on".
Once your testing is complete please *attach* the ouput of "journalctl -b -oshort-monotonic".
Please find attached the log of the session <
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c17
--- Comment #17 from Pi Ny
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c18
--- Comment #18 from Pi Ny
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c19
--- Comment #19 from Franck Bui
From the logs you provided:
[ 467.018796] nue-p1.nue.private systemd[1]: Got message type=method_call sender=:1.4 destination=org.freedesktop.systemd1 object=session_2d4_2escope interface=Scope member=Abandon cookie=144 reply_cookie=0 error=n/a [ 467.019310] nue-p1.nue.private systemd[1]: session-4.scope: cgroup is empty [ 467.019481] nue-p1.nue.private systemd[1]: session-4.scope changed running -> dead [ 467.019650] nue-p1.nue.private systemd[1]: session-4.scope: Failed to destroy cgroup /user.slice/user-1002.slice/session-4.scope, ignoring: Device or resource busy
For some reasons the session scope appears to be empty whereas it should contain at least the screen process as well as the shell used to spawn screen... Can you inspect the session status before logging out ? So after:
charly@nue-p1:~> loginctl SESSION UID USER SEAT TTY 4 1002 charly 1 481 sddm seat0
2 sessions listed. charly@nue-p1:~> screen -S TstSess04
(terminal clears)
can you run "loginctl session-status 4" and show the ouptut ? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c20
--- Comment #20 from Franck Bui
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c21
--- Comment #21 from Pi Ny
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c22
--- Comment #22 from Pi Ny
can you run "loginctl session-status 4" and show the ouptut ?
The output (here it is session 3) is ``` charly@nue-p1:~> loginctl session-status 3 3 - charly (1002) Since: Sun 2019-05-19 23:45:21 CEST; 2min 58s ago Leader: 2575 (sshd) Remote: 10.149.84.103 Service: sshd; type tty; class user State: active Unit: session-3.scope ├─2575 sshd: charly [priv] ├─2584 sshd: charly@pts/0 ├─2585 -bash ├─2628 screen -S TstSess05 ├─2629 SCREEN -S TstSess05 ├─2630 /bin/bash ├─2657 loginctl session-status 3 └─2658 less ``` (please refer to attachment [issue_systemd-logout_2019-05-19](https://bugzilla.opensuse.org/attachment.cgi?id=805438)) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c23
--- Comment #23 from Pi Ny
BTW which version of systemd are you using ? (rpm -q systemd)
nue-p1:~ # rpm -q systemd systemd-234-lp150.20.15.1.x86_64 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c24
--- Comment #24 from Franck Bui
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c25
--- Comment #25 from Franck Bui
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c26
--- Comment #26 from Pi Ny
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c27
--- Comment #27 from Pi Ny
Could you try to run your test with "systemd.legacy_systemd_cgroup_controller" appended to the kernel command line and see if it helps ?
Yes, this helps! Please refer to https://bugzilla.opensuse.org/attachment.cgi?id=805886 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c28
--- Comment #28 from Franck Bui
(In reply to Franck Bui from comment #24)
Could you try to run your test with "systemd.legacy_systemd_cgroup_controller" appended to the kernel command line and see if it helps ?
Yes, this helps!
Hmm then something went wrong with cgroup v2 for you... Can you please try to use gdb as it's described in comment #25 (please make sure to remove "systemd.legacy_systemd_cgroup_controller" option before) ? Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c29
--- Comment #29 from Pi Ny
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c30
--- Comment #30 from Pi Ny
Can you please try to use gdb as it's described in comment #25 (please make sure to remove "systemd.legacy_systemd_cgroup_controller" option before) ?
Unfortunately the debugging failed: Excerpt from https://bugzilla.opensuse.org/attachment.cgi?id=806588: ``` nue-p1:~ # gdb -p 1 Attaching to process 1 ``` (then a lot of error messages like) ``` ... Reading symbols from /usr/lib/systemd/systemd...Missing separate debuginfo for /usr/lib/systemd/systemd Try: zypper install -C "debuginfo(build-id)=4d6bbcd3a70a6b0b8bc43e995e8cdd0014cc0527" (no debugging symbols found)...done. ... ``` Should I really install 20+ such special capabilities? Tried to continue anyway ``` (gdb) b scope_notify_cgroup_empty_event Function "scope_notify_cgroup_empty_event" not defined. ``` So I aborted... Pls see https://bugzilla.opensuse.org/attachment.cgi?id=806588 for details. Pls advice. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462
http://bugzilla.opensuse.org/show_bug.cgi?id=1132462#c31
--- Comment #31 from Franck Bui
Should I really install 20+ such special capabilities? Tried to continue anyway
No only installing the debug info for systemd should be enough. So enabling the debug repository with "zypper mr --enable repo-debug repo-source" and installing the relevant packages with "zypper in systemd-debuginfo systemd-debugsource" should do it. Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com