From: Zbigniew Jędrzejewski-Szmek Date: Tue, 14 Mar 2023 11:27:37 +0000 (+0100) Subject: man: document "Delegate=" a bit more X-Git-Tag: v254-rc1~1026^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=449172f943acadc7fd1e2293a615c7cb0d87fcd6;p=thirdparty%2Fsystemd.git man: document "Delegate=" a bit more This case is a bit surprising, even if logical if one understands how the parser works. Let's be more explicit. Follow-up for 7b3693e4e4c9cae50fca65136278a62fae11327e. --- diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 21e43421653..f24822e605f 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml @@ -96,8 +96,8 @@ system.slice user.slice / \ / \ / \ / \ - / \ user@0.service user@1000.service - / \ Delegate=yes Delegate=yes + / \ user@42.service user@1000.service + / \ Delegate= Delegate=yes a.service b.slice / \ CPUWeight=20 DisableControllers=cpu / \ / \ app.slice session.slice @@ -115,7 +115,9 @@ CPUWeight=20 DisableControllers=cpu / \ user@1000.service. Assuming that there is no futher configuration of resources or delegation below slices app.slice or session.slice, the controller would not be enabled for units in those slices and CPU resources - would be further allocated using other mechanisms, e.g. based on nice levels. + would be further allocated using other mechanisms, e.g. based on nice levels. The manager for user + 42 has delegation enabled without any controllers, i.e. it can manipulate its subtree of the cgroup + hierarchy, but without resource control. In the slice system.slice, CPU resources are split 1:6 for service a.service, and 5:6 for slice b.slice, because slice 
@@ -1153,19 +1155,19 @@ DeviceAllow=/dev/loop-control When enabled the service manager will refrain from manipulating control groups or moving processes below the unit's control group, so that a clear concept of ownership is established: the - control group tree above the unit's control group (i.e. towards the root control group) is owned - and managed by the service manager of the host, while the control group tree below the unit's - control group is owned and managed by the unit itself. - - Takes either a boolean argument or a list of control group controller names. If true, - delegation is turned on, and all supported controllers are enabled for the unit, making them - available to the unit's processes for management. If false, delegation is turned off entirely (and - no additional controllers are enabled). If set to a list of controllers, delegation is turned on, - and the specified controllers are enabled for the unit. Note that additional controllers other than - the ones specified might be made available as well, depending on configuration of the containing - slice unit or other units contained in it. Note that assigning the empty string will enable + control group tree at the level of the unit's control group and above (i.e. towards the root + control group) is owned and managed by the service manager of the host, while the control group + tree below the unit's control group is owned and managed by the unit itself. + + Takes either a boolean argument or a (possibly empty) list of control group controller names. + If true, delegation is turned on, and all supported controllers are enabled for the unit, making + them available to the unit's processes for management. If false, delegation is turned off entirely + (and no additional controllers are enabled). If set to a list of controllers, delegation is turned + on, and the specified controllers are enabled for the unit. 
Assigning the empty string will enable delegation, but reset the list of controllers, and all assignments prior to this will have no - effect. Defaults to false. + effect. Note that additional controllers other than the ones specified might be made available as + well, depending on configuration of the containing slice unit or other units contained in it. + Defaults to false. Note that controller delegation to less privileged code is only safe on the unified control group hierarchy. Accordingly, access to the specified controllers will not be granted to diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index fa2f15c2f4e..57ff2a79f30 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -3978,12 +3978,12 @@ int config_parse_delegate( return 0; } - /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it - * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the - * mask to delegate. */ + /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or + * turn it off for all. Or it takes a list of controller names, in which case we add the specified + * controllers to the mask to delegate. Delegate= enables delegation without any controllers. */ if (isempty(rvalue)) { - /* An empty string resets controllers and set Delegate=yes. */ + /* An empty string resets controllers and sets Delegate=yes. */ c->delegate = true; c->delegate_controllers = 0; return 0;
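Review bot: in the diagram hunk (`@@ -96,8 +96,8 @@`), replacing `Delegate=yes` with the three-character-shorter `Delegate=` under `user@42.service` shifts that cell's width in a fixed-width ASCII tree, so please check that the `+ / \ Delegate= Delegate=yes` row still lines up with the `user@42.service user@1000.service` row above it in the rendered man page; the surrounding `/ \` connectors depend on column alignment.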
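Review bot: in the prose hunk (`@@ -115,7 +115,9 @@`), "it can manipulate its subtree of the cgroup hierarchy, but without resource control" promises more than `Delegate=` alone guarantees, because the `Delegate=` description changed in the same patch says that additional controllers "might be made available as well, depending on configuration of the containing slice unit or other units contained in it". Suggest "but with no controllers requested by its own configuration" or similar, so the example does not contradict the option text. Nit: while touching this paragraph, "futher" in the unchanged context line could become "further".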
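Review bot: in the `Delegate=` description hunk (`@@ -1153,19 +1155,19 @@`), "all assignments prior to this will have no effect" is ambiguous about what is being reset; a reader may take it to cover other resource-control settings rather than only earlier `Delegate=` lines. Suggest "and any earlier Delegate= assignments in the same unit have no effect", which also matches the `c->delegate_controllers = 0` reset in the parser hunk. Moving the "additional controllers ... might be made available" sentence after the empty-string case is a good change, since it now visibly applies to that case too.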
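Review bot: in the `load-fragment.c` hunk (`@@ -3978,12 +3978,12 @@`), the comment `/* An empty string resets controllers and sets Delegate=yes. */` should also say that it discards earlier `Delegate=` assignments, so it stays in sync with the man page wording added above, e.g. `/* An empty string resets the controller list and sets Delegate=yes, discarding earlier Delegate= assignments. */`. It is also worth a word in the block comment that the `isempty(rvalue)` check runs before the boolean parse, since that ordering is what makes `Delegate=` mean "delegate, no controllers" rather than being read as a false boolean. No functional change otherwise; the comment rewrap and the "set" to "sets" fix look fine.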