Umut Tezduyar Lindskog ([email protected]) asked: >> How do I add a slice that is inside the system.slice?
Lennart answered: > The name is basically the cgroup path. i.e. foo-bar-baz.slice is a > slice below foo-bar.slice, which is below foo.slice, which is below > -.slice. I got curious about the pathological cases: what would happen if root started a service that requested to be in user-foo.slice that was resident in /usr/lib/systemd/system? The results came out sensibly, but are not quite what I guessed in advance. Here are the results of the four combinations: Summary: ======== 0. 'firefox.slice' is placed under top-level slice if started with SUID from /usr/lib/systemd/system. 1. 'firefox.slice' is placed under user-<UID>.slice if started with normal user privileges from /usr/lib/systemd/user. 2. 'user-firefox.slice' is placed under user.slice but not under user-<uid>.slice if started with SUID from /usr/lib/systemd/system. 3. 'system-firefox.slice' is placed under a system.slice which is created under user-<uid>.slice if started with normal user privileges from /usr/lib/systemd/user. Takeaway 0: as you'd expect, root can start services in a user's slice if they are intentionally invoked that way. Normal users are free to create slices under their main-level slice of any arbitrary name, but not to create slices in the top-level system slice. Takeaway 1: a service's slice is created at top-level only if its unit file specifies neither system-*.slice or user-*.slice and it is started by root. Details: ====== 0. firefox.service with slice=firefox.slice placed in /usr/lib/systemd/system and started with 'sudo systemctl start firefox.service': sudo systemd-cgls: ├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 23 ├─firefox.slice │ └─firefox.service │ ├─3895 /usr/lib64/firefox/firefox http://fedoraproject.org/wiki/SysVinit_to_ │ ├─4044 /bin/dbus-launch --autolaunch 8ebf690c04404266b85a36b676fefc7a --bina │ └─4045 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session 1. Firefox with slice=firefox.slice placed in /usr/lib/systemd/user and started with 'systemctl --user start firefox.service': └─user.slice └─user-1000.slice ├─session-1.scope │ ├─2689 gdm-session-worker [pam/gdm-autologin] │ ├─2707 gnome-session [ . . . ] └─[email protected] ├─2698 /usr/lib/systemd/systemd --user ├─2700 (sd-pam) ├─emacs.service │ └─2704 /usr/bin/emacs --daemon └─firefox.slice └─firefox.service └─4280 /usr/lib64/firefox/firefox http://fedoraproject.org/wiki/SysVinit_to_ 2. firefox-user-slice.service is placed in /usr/lib/systemd/system, but contains 'Slice=user-firefox.service' and started with sudo systemctl start firefox-user-slice.service, └─user.slice ├─user-1000.slice │ ├─session-1.scope │ │ ├─2689 gdm-session-worker [pam/gdm-autologin] │ │ ├─2707 gnome-session │ │ ├─2714 dbus-launch --sh-syntax --exit-with-session [ . . . ] │ │ └─4752 less │ └─[email protected] │ ├─2698 /usr/lib/systemd/systemd --user │ ├─2700 (sd-pam) │ └─emacs.service │ └─2704 /usr/bin/emacs --daemon └─user-firefox.slice └─firefox-user-slice.service 3. Firefox with Slice=system-firefox.slice placed in /usr/lib/systemd/user and started with 'systemctl --user start firefox-system-slice.service' └─user.slice └─user-1000.slice ├─session-1.scope │ ├─2689 gdm-session-worker [pam/gdm-autologin] │ ├─2707 gnome-session │ ├─2714 dbus-launch --sh-syntax --exit-with-session [ . . . ] └─[email protected] ├─2698 /usr/lib/systemd/systemd --user ├─2700 (sd-pam) ├─emacs.service │ └─2704 /usr/bin/emacs --daemon └─system.slice └─system-firefox.slice -- Alison -- Alison Chaiken [email protected] 650-279-5600 http://{she-devel.com,exerciseforthereader.org} One consumes a great deal of silence in the course of becoming educated. -- Matthew B. Crawford _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
