guix-devel

Re: Improving Shepherd


From: Danny Milosavljevic
Subject: Re: Improving Shepherd
Date: Mon, 5 Feb 2018 17:00:11 +0100

Hi Carlo,

On Mon, 05 Feb 2018 21:49:08 +1100
Carlo Zancanaro <address@hidden> wrote:

> User services - Alex has already sent a patch to the list to allow 
> generating user services from the Guix side. The idea is to 
> generate a Shepherd config file, allowing a user to invoke 
> shepherd manually to start their services.

> A further extension to 
> this would be to have something like systemd's "user sessions", 
> where the pid 1 Shepherd automatically starts a user's services 
> when they log in.

I assume that means "starts a user's shepherd when they log in".

elogind already emits a signal on dbus which tells you when a user logged in:

        return sd_bus_emit_signal(
                        u->manager->bus,
                        "/org/freedesktop/login1",
                        "org.freedesktop.login1.Manager",
                        new_user ? "UserNew" : "UserRemoved",
                        "uo", (uint32_t) u->uid, p);

Also, a directory /run/user/<id> appears - which alternatively can be
monitored by inotify or something.

So the system shepherd could have a shepherd service which does

  while (1) {
     wait until /run/user/<id> appears
     vfork
       if child: setuid, exec user shepherd, _exit
       if parent: wait until child dies
  }

We'd better be sure that no one else can create directories in /run/user.

In non-pseudocode, both "wait until /run/user/<id> appears" and
"wait until child dies" would have to be in the same call,
maybe epoll or something.

Maybe call the service shepherd-nursery-service or something, like a star
nursery :)

> Child process control - this is my personal frustration, where 
> Shepherd loses track of processes that fork away (e.g. "emacs 
> --daemon"). I barely know anything about Linux process management, 
> but from my reading this can be solved through Linux namespaces 
> (if user namespaces are available). Could someone who knows more 
> about this let me know if that's a productive direction for me to 
> investigate? Or tell me a better way to go about it?

User namespaces just present a different set of names to your process
(via VFS) so it looks like a chroot basically.
It does nothing for processes except fake their ids and limit your
overview of them.

You probably want process groups (see setsid(2)) or maybe containers.


