New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd-run --scope --user fails in systemd 249.6 #21297
Comments
If I understand correctly, the issue is that attaching the process to the cgroup might be delegated to the system instance here: Lines 2278 to 2287 in 8b212f3
However, the thusly attached process is not counted in the same way that commit 8d3e4ac added here: Lines 2294 to 2295 in 8b212f3
which leads to the "No PIDs left to attach to the scope's control group" failure. If my analysis is correct, a fix would be counting delegated additions in diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index abc30e3990..c942db8d05 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -2283,8 +2283,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path);
if (z < 0)
log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p));
- else
+ else {
+ if (ret >= 0)
+ ret++; /* Count successful additions */
continue; /* When the bus thing worked via the bus we are fully done for this PID. */
+ }
}
if (ret >= 0) I confirm that this patch fixes the issue on my system, so I opened PR #21298 for it. |
Since commit 8d3e4ac ("scope: refuse activation of scopes if no PIDs to add are left") all "systemd-run --scope --user" calls fail because cgroup attachments delegated to the system instance are not counted towards successful additions. Fix this by incrementing the return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to what happens when cg_attach() succeeds directly. Note that this can *not* distinguish the case when unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all processes to attach are gone in the meantime, unlike the checks that commit 8d3e4ac adds for the system instance. This is because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include the number of successfully attached processes and is always NULL on success. Fixes: systemd#21297
Since commit 8d3e4ac ("scope: refuse activation of scopes if no PIDs to add are left") all "systemd-run --scope --user" calls fail because cgroup attachments delegated to the system instance are not counted towards successful additions. Fix this by incrementing the return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to what happens when cg_attach() succeeds directly. Note that this can *not* distinguish the case when unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all processes to attach are gone in the meantime, unlike the checks that commit 8d3e4ac adds for the system instance. This is because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include the number of successfully attached processes and is always NULL on success. Fixes: systemd#21297
systemd/systemd#21297 git-svn-id: file:///srv/repos/svn-packages/svn@427879 eb2447ed-0c53-47e4-bac8-5bc4a241df78
systemd/systemd#21297 git-svn-id: file:///srv/repos/svn-packages/svn@427879 eb2447ed-0c53-47e4-bac8-5bc4a241df78
Since commit 8d3e4ac ("scope: refuse activation of scopes if no PIDs to add are left") all "systemd-run --scope --user" calls fail because cgroup attachments delegated to the system instance are not counted towards successful additions. Fix this by incrementing the return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to what happens when cg_attach() succeeds directly. Note that this can *not* distinguish the case when unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all processes to attach are gone in the meantime, unlike the checks that commit 8d3e4ac adds for the system instance. This is because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include the number of successfully attached processes and is always NULL on success. Fixes: #21297
systemd-run --scope --user failed to run in system 249.6, cf. systemd#21297. Add tests for systemd-run --scope and systemd-run --scope --user to make sure this does not regress again.
systemd-run --scope --user failed to run in system 249.6, cf. #21297. Add tests for systemd-run --scope and systemd-run --scope --user to make sure this does not regress again.
Since commit 8d3e4ac ("scope: refuse activation of scopes if no PIDs to add are left") all "systemd-run --scope --user" calls fail because cgroup attachments delegated to the system instance are not counted towards successful additions. Fix this by incrementing the return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to what happens when cg_attach() succeeds directly. Note that this can *not* distinguish the case when unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all processes to attach are gone in the meantime, unlike the checks that commit 8d3e4ac adds for the system instance. This is because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include the number of successfully attached processes and is always NULL on success. Fixes: systemd#21297 (cherry picked from commit c65417a)
systemd version the issue has been seen with
249.6
Used distribution
Arch Linux (downstream tracking bug report: FS#72701)
Linux kernel version used (
uname -a
)Linux hostname 5.15.1-arch1-2 #1 SMP PREEMPT Tue, 09 Nov 2021 16:16:12 +0000 x86_64 GNU/Linux
CPU architecture issue was seen on
x86_64
Expected behaviour you didn't see
In systemd version <= 249.5, running something like
systemd-run --scope --user sleep 100
results in an output likeand the command (
sleep 100
in this case) successfully being executed in a scope unit.Unexpected behaviour you saw
In systemd version 249.6,
systemd-run --scope --user sleep 100
results in an error message and the command is not getting run:Note that running the command as root (using
systemd-run --scope sleep 100
) works perfectly fine, only user units appear to be affected.Steps to reproduce the problem
Run
systemd-run --scope --user sleep 100
with systemd 249.6.Additional program output to the terminal or log subsystem illustrating the issue
Running
journalctl -xe
as suggested by the above error message gives the following errors:This points towards commit 8d3e4ac, backported to systemd 249.6 as systemd/systemd-stable@7ecb1b8, as the culprit. Indeed, reverting this commit fixes the issue for me.
The text was updated successfully, but these errors were encountered: