As we want to centralized cgroup access we should stop killing the user
sessions directly from the systemd-user-sessions service. Instead, rely
on PID 1 doing this by adding the right ordering dependencies to the
session scope units.
logind: don't misunderstand UnitRemoved signals during reloading
When PID 1 reloads the units logind/machined will see UnitRemoved
signals for all units. Instead of trusting these immediately, let's
check the actual unit state before considering a unit gone, so that
reloading PID 1 is not mistaken as the end of all sessions.
core: send out "Reloading" signal before and after doing a full reload/reexec of PID 1
Since we'll unload all units/job during a reload, and then readd them it
is really useful for clients to be aware of this phase hence sent a
signal out before and after. This signal is called "Reloading" (despite
the fact that it is also sent out during reexecution, which we consider
a special case in this context) and has one boolean parameter which is
true for the signal sent before the reload, and false for the signal
after the reload. The UnitRemoved/JobRremoved and UnitNew/JobNew due to
the reloading are guranteed to be between the pair of Reloading
messages.
systemctl: suppress error message when doing "systemctl daemon-reexec"
When we issue a reexecution request via the private socket we need to
expect a "Disconnected" in addition to "NoReply" when the connection is
terminated.
scope: don't require an initialized PIDs set when deserializing
When a scope unit is created due to deserialization rather than client
request don't enforce that the PIDs set must be non-empty, since the
cgroup is already populated.
core: while we are reloading don't suppress bus signals
While we are reloading we shouldn't suppress adding units to the bus
queue when there are no subscribers, simply because we might not have
deserialized the subscribers list yet. Hence, during reloading always
assume we have subscribers.
cgroup: downgrade error message when we cannot remove a cgroup to debug
Some units set KillMode=none to survive the initrd→rootfs transition. We
cannot remove their cgroups, but that shouldn't really be considered an
issue, so let's downgrade the error message.
Kay Sievers [Thu, 4 Jul 2013 18:54:40 +0000 (20:54 +0200)]
cgroups-agent: remove ancient fallback code; turn connection error into warning
During re-execution and shutdown cgroups agents might not be able
to connect to systemd's private D-Bus socket, the printed error to
the console is misleding in that case, so turn it into a warning.
Kay Sievers [Thu, 4 Jul 2013 18:31:18 +0000 (20:31 +0200)]
disable the cgroups release agent when shutting down
During shutdown, when we try to clean up all remaining processes, the
kernel will fork new agents every time a cgroup runs empty. These
new processes cause delays in the final SIGTERM, SIGKILL logic.
Apart from that, this should also avoid that the kernel-forked binaries
cause unpredictably timed access to the filesystem which we might need to
unmount.
The kernel adds those when the file is deleted,
but we don't really care if the file is still there
or not. The downside is that if the filename ends
in ' (deleted)', this part of the filename will be
removed. Too bad.
Since we should allow registering/unregistering transient units with the
same name in a tight-loop, we need to make the GC more aggressive, so
that dead units are cleaned up immediately instead of later.
hence, execute the GC sweep on every event loop iteration and clean up
units. This of course, means we need to be careful with adding units to
the GC queue, which we already are since we execute check_gc() of each
unit type already when adding something to the queue.
machined: split out machine registration stuff from logind
Embedded folks don't need the machine registration stuff, hence it's
nice to make this optional. Also, I'd expect that machinectl will grow
additional commands quickly, for example to join existing containers and
suchlike, hence it's better keeping that separate from loginctl.
Kay Sievers [Tue, 2 Jul 2013 00:13:30 +0000 (02:13 +0200)]
keymap: Asus -- do not overwrite explicitely kernel driver defined keys
If key mappings are defined in the kernel driver, userspace must
not overwrite them. If something is wrong with the kernel-provided
values, the kernel driver shold be fixed instead.
Some of the matches are not the input device name but the kernel
driver name, which will not match anything.
logind: port over to use scopes+slices for all cgroup stuff
In order to prepare things for the single-writer cgroup scheme, let's
make logind use systemd's own primitives for cgroup management.
Every login user now gets his own private slice unit, in which his sessions
live in a scope unit each. Also, add user@$UID.service to the same
slice, and implicitly start it on first login.
core: move ControlGroup and Slice properties out of the dbus "Unit" interface
Slice/ControlGroup only really makes sense for unit types which actually
have cgroups attached to them, hence move them out of the generic Unit
interface and into the specific unit type interfaces.
These fields will continue to be part of Unit though, simply because
things are a log easier that way. However, regardless how this looks
internally we should keep things clean and independent of the specific
implementation of the inside.
core: add new "scope" unit type for making a unit of pre-existing processes
"Scope" units are very much like service units, however with the
difference that they are created from pre-existing processes, rather
than processes that systemd itself forks off. This means they are
generated programmatically via the bus API as transient units rather
than from static configuration read from disk. Also, they do not provide
execution-time parameters, as at the time systemd adds the processes to
the scope unit they already exist and the parameters cannot be applied
anymore.
The primary benefit of this new unit type is to create arbitrary cgroups
for worker-processes forked off an existing service.
This commit also adds a a new mode to "systemd-run" to run the specified
processes in a scope rather then a transient service.