logind.conf(5) man page entry for RemoveIPC option varies from observed behavior #2324
Comments
In case it helps anyone else. Red Hat Solution #2062273, "Applications using IPC (semaphores, shared memory, message queues) have problems after update to RHEL 7.2" is what the IBM DB2 Support team used to help identify the issue, and which led them to observe the discrepancy in the logind.conf man page from actual behavior.
The systemd man page needs updating, and needs to say that system users are generally excluded from the effect of RemoveIPC=. Note that systemd does not honour the login.defs setting. The system user boundary is really not something that a user could reasonably configure at runtime. Thus, it is only compile-time configurable in systemd (the configure scripts actually try to determine it automatically from /etc/login.defs at compile-time), but not runtime configurable.
Thank you Lennart, that was very helpful. Hope the following possible rewording isn't too verbose. If whoever makes the actual change to the man page can point to the source document describing systemd's discrimination between compile time and runtime modifications of UID_MIN and UID_MAX in /etc/login.defs, then that makes the modification even shorter (something like "See foo(5), section bar, for how systemd identifies a system user."). Original:
Possible rewording:
We generally don't reference /etc/login.defs, as that's a file that I think better should not exist the way it is. I mean, for the same reason we refuse to parse the system user boundary from the file during runtime we really shouldn't mention its existence at all. It pretends things were configurable that effectively really aren't.
Makes sense, that vastly simplifies the proposed revised rewording:
If this looks good to you, should I make the change in systemd/man/logind.conf.xml and send a pull request for it, and let the build re-generate and update the logind.conf file?
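The behaviour described in this thread, as an added example that is not part of the thread and is not systemd code: a check of whether logind's RemoveIPC= would remove a given account's IPC objects. The function names are hypothetical, the caller passes the config files in precedence order, and SYSTEM_UID_MAX=999 is an assumption taken from the "uidnumber < 1000" observation above, since the real boundary is fixed when systemd is compiled.

```shell
#!/bin/sh
# Added example, not systemd code. SYSTEM_UID_MAX is an assumed boundary (999)
# matching the "uidnumber < 1000" observation in the thread; systemd fixes the
# real value at compile time and does not read /etc/login.defs at runtime.
SYSTEM_UID_MAX="${SYSTEM_UID_MAX:-999}"

# effective_removeipc FILE...
# Print "yes" or "no": the last RemoveIPC= assignment found in a [Login]
# section across the given files (main file first, drop-ins after it).
# With no assignment, print "yes", the upstream logind.conf default.
effective_removeipc() {
    value=yes
    for f in "$@"; do
        [ -r "$f" ] || continue
        found=$(awk '
            /^[ \t]*[#;]/ { next }   # skip comment lines
            /^[ \t]*\[/   { in_login = ($0 ~ /^[ \t]*\[Login\][ \t]*$/); next }
            in_login && /^[ \t]*RemoveIPC[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = tolower($0)
            }
            END { print v }' "$f")
        case "$found" in
            1|yes|y|true|t|on)  value=yes ;;
            0|no|n|false|f|off) value=no ;;
        esac   # empty or unrecognised values are ignored in this sketch
    done
    echo "$value"
}

# ipc_exposure UID FILE...
# Print one of:
#   disabled - RemoveIPC=no, logind removes nothing
#   excluded - system user (UID <= SYSTEM_UID_MAX), skipped by RemoveIPC
#   at-risk  - regular user, IPC objects removed after the last session ends
ipc_exposure() {
    uid=$1; shift
    if [ "$(effective_removeipc "$@")" = no ]; then
        echo disabled
    elif [ "$uid" -le "$SYSTEM_UID_MAX" ]; then
        echo excluded
    else
        echo at-risk
    fi
}
```

For a service account, pass its numeric UID (from id -u) followed by /etc/systemd/logind.conf and any files under /etc/systemd/logind.conf.d/. An "at-risk" result for an account that runs a long-lived daemon using shared memory or semaphores matches the crash scenario reported in this issue.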
Information about RemoveIPC can be found in detail in the man page for logind.conf. However, the removal of all System V and POSIX IPC objects belonging to the user after the last of the user's sessions terminated can lead to significant confusion. Especially since the elogind man page does neither mention the removal nor where to configure it. A paragraph about this detail of the tearing down after the last session of a user exited has been added to the elogind man page, so users can find this information quicker and easier.
See:
* https://bugs.debian.org/949698
* systemd/systemd#2039
* systemd/systemd#2324
* systemd/systemd#4532
Bug: #151
Closes: #151
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
Information about RemoveIPC can be found in detail in the man page for logind.conf. However, the removal of all System V and POSIX IPC objects belonging to the user after the last of the user's sessions terminated can lead to significant confusion. Especially since the elogind man page does neither mention the removal nor where to configure it. A paragraph about this detail of the tearing down after the last session of a user exited has been added to the elogind man page, so users can find this information quicker and easier.
See:
* https://bugs.debian.org/949698
* systemd/systemd#2039
* systemd/systemd#2324
* systemd/systemd#4532
Bug: #151
Closes: #151
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
Cherry-picked-from: ee95567
In the man page entry for the RemoveIPC option, it states: "Note that IPC objects of the root user are excluded from the effect of this setting."
Under RHEL 7u2, this man page entry has not been changed. I hope that means Red Hat has not made a downstream modification to systemd without an accompanying man page change. IBM DB2 Support and we discovered that actually, objects of all users considered to be system users, i.e., with uidnumber < 1000, are excluded. DB2 v10.x will randomly crash on RHEL 7u2 unless the RemoveIPC option is set to "no".
So does the man page have a defect, or is the defect in systemd because it is really supposed to lock down the behavior only to root user for the RemoveIPC option, and not for all system users?
Note that system users are defined in /etc/login.defs and not hard-coded. So while canonically system users are uidnumber < 1000, really if the man page needs a correction then it should read more along these lines: