On Thu, 17.05.12 12:17, Auke Kok ([email protected]) wrote: > The PAM helper thread needs to capture the death signal from the > parent, but is prohibited from doing so since when the child dies > as normal user, the kernel won't allow it to send a TERM to the > PAM helper thread which is running as root. > > This causes the PAM threads to never exit, accumulating after > user sessions exit. > > There is however really no need to keep the PAM threads running as > root, so, we can just setresuid() to the same user as defined in the > unit file for the parent thread (User=). This makes the TERM signal > arrive as normal. In case setresuid() fails, we ignore the error, so > we at least fall back to the current behaviour.
Applied. In the long run we probably should reshuffle all of this so that the pam stuff is moved outside of the systemd binary and is implemented via an explicit wrapper tool. The fact that the pam thingy currently is a child of the main process is kinda neat, but probably not the best choice after all. We shouldn't leave long running children of PID 1 around that have not exec()'ed to another binary, since they might cause unnecessary pagefaults in PID 1. hence the idea of splitting this into its own binary. Lennart -- Lennart Poettering - Red Hat, Inc. _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
