search

canonical / cloud-init

Official upstream for the cloud-init: cloud instance initialization
https://cloud-init.io/
Other
3.01k stars 887 forks source link

[enhancement]: (systemd) allow cgroup cleanup #5275

Open holmanb opened 6 months ago

holmanb commented 6 months ago

Enhancement

Cloud-init doesn't use systemd's default cgroup process cleanup setting. While there isn't a known bug related to this, a misbehaving subprocess could potentially leak daemons to the running system inadvertently as a result of this choice.

The purpose of this setting was to support cloud-init's cc_power_reset module, which was implemented by forking a process that runs some code shortly after the cloud-init main process exits.

It may be possible to drop this restriction by using an ExecStartPost= in cloud-final.service which runs whatever command cloud-init must run prior to the cloud-final.service completing.

TheRealFalcon commented 6 months ago

I'm not even entirely sure what KillMode=process accomplishes here. In the default case, forked processes won't get killed unless the parent service is manually stopped/killed.