On 08.06.2021 at 19:05, Matt Corallo wrote:


On 6/8/21 12:31, Michael Biebl wrote:
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now either, it's possible I had forgotten the --scope at some point while testing set-linger before, sorry for the noise here.

Still, based on my read of #825394, it seems like it should be the case that you do not need set-linger and the default behavior should be that things aren't automatically killed in the background? Is that something that was an intentional change?

Change to what exactly?

I guess we need to differentiate between login and user sessions.
It's my understanding that KillUserProcesses= only affects a login session.

I admit I am definitely not a systemd expert (which I suppose should be obvious by now :) ), so have no idea what this means, and systemd-run's man page doesn't really elucidate it. Not Debian's or your problem, of course, though.

If you start a process as part of a user session (which is what systemd-run --user does), ending that user session will stop that process.

Is there an alternate way to run things that lxc should instead be recommending? In my interactions with the lxc folks it seems this workaround is only relevant for Debian bullseye, so maybe other distros are patching systemd or changing cgroup settings such that interacting with systemd isn't required.

Similar to the discussion in 825394, having daemons spontaneously killed is incredibly surprising, maybe it makes sense to enable-linger by default?

> Did you use systemd-run in buster to start your lxc containers?
> You need to be very explicit, otherwise I can only guess what exactly you were/are doing.

No, but also didn't need to, it's only with bullseye that (systemd's ?) cgroup settings prevent direct calls to lxc-start, which is what makes the whole thing such a mess - one cannot simply call lxc functions anymore because systemd gets in the way. Using systemd for this, sadly, is an exercise in puzzling through man pages and lack of documentation for how to do any of this (half of the lxc docs for how to do this are because I had to ask lxc maintainers how to do basic lxc things with bullseye).

Antonio, Stéphane, do you have any input how we can improve the situation here?

A short summary: Debian bullseye switched to cgroupv2 which now makes it necessary to run lxc-start as unprivileged user via "systemd-run -p Delegate=yes". This in turn makes the lxc processes part of the systemd --user session, not the login session. Which in turn requires "linger" to enable daemon processes to persist once a user logs out.

Maybe I missed something and linger is the only option in this case (and lxc's README.Debian could have a note about this). Or maybe there is a different way to achieve what Matt is trying to do?

Michael
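
The chain in the summary above (cgroup v2, then `systemd-run` with `Delegate=yes`, then linger) written as a preflight script. This is an added example, not part of the original thread or of lxc's documentation: the function names are made up here, the `systemd-run` command line is assembled from the options mentioned in the thread, and `loginctl enable-linger` is the loginctl verb for what the thread calls linger.

```shell
#!/bin/sh
# Added example: decide how to start an unprivileged LXC container so that it
# survives logout on a cgroup v2 host. Function names are hypothetical.

# Map the filesystem type of /sys/fs/cgroup to a cgroup layout.
cgroup_mode() {
    case "$1" in
        cgroup2fs) echo unified ;;          # pure cgroup v2 (bullseye default)
        tmpfs)     echo legacy-or-hybrid ;; # v1 controllers mounted below a tmpfs
        *)         echo unknown ;;
    esac
}

# Read `loginctl show-user` KEY=VALUE output on stdin; print the Linger value.
linger_from_props() {
    awk -F= '$1 == "Linger" { v = $2 } END { print (v == "" ? "unknown" : v) }'
}

# plan MODE LINGER CONTAINER: print the commands to run, one per line.
plan() {
    case "$1" in
        legacy-or-hybrid)
            echo "lxc-start -n $3"          # direct start, as on buster
            return 0 ;;
        unified) ;;
        *)  echo "cannot determine cgroup layout" >&2
            return 1 ;;
    esac
    # The scope belongs to the systemd --user session, which ends with the
    # user's last login session unless linger is enabled for that user.
    [ "$2" = yes ] || echo "loginctl enable-linger"
    echo "systemd-run --user --scope -p Delegate=yes -- lxc-start -n $3"
}

# Live run on a systemd host: sh preflight.sh --live <container>
if [ "${1:-}" = "--live" ]; then
    mode=$(cgroup_mode "$(stat -f -c %T /sys/fs/cgroup)")
    linger=$(loginctl show-user "$(id -un)" --property=Linger | linger_from_props)
    plan "$mode" "$linger" "${2:?container name required}"
fi
```

Without `--live` the script only defines the functions, so the decision logic can be checked against saved `loginctl show-user` output from another machine.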

