search

troglobit / finit

Fast init for Linux. Cookies included
https://troglobit.com/projects/finit/
MIT License
633 stars 64 forks source link

cgroup move pid failed in 4.4 #361

Closed w41l closed 1 year ago

w41l commented 1 year ago

Since version 4.4 finit can not move process to /system/process. The process cgroup is still in CGROUP/init root:

root:~# finit -v
Finit 4.4
Bug report address: https://github.com/troglobit/finit/issues
Project homepage: https://troglobit.com/projects/finit/
root:~# initctl status redis-server
     Status : running
   Identity : redis-server
Description : Redis database server
     Origin : /etc/finit.d/enabled/redis.conf
Condition(s): <+net/lo/up>
    Command : /usr/bin/redis-server /etc/redis/redis.conf
   PID file : /run/redis.pid
        PID : 12066
       User : redis
      Group : redis
     Uptime : 11 sec
   Restarts : 0 (0/10)
  Runlevels : [----345----]
     Memory : 433.8M
     CGroup : /init cpu 0-7 [100, max] mem [0, max]
              ├─ 1 init
              ├─ 560 keventd
              ├─ 1302 freshclam -d -F --quiet -p /run/clamav/freshclam.pid
              └─ 12066 redis-server

Jul  7 09:33:03 gm15 finit[12066]: cgroup_leaf_init():Failed moving pid 12066 to group /sys/fs/cgroup/system/redis: Permission denied

This problem did not happened in version 4.3:

root:~# finit -v
Finit 4.3
Bug report address: https://github.com/troglobit/finit/issues
Project homepage: https://troglobit.com/projects/finit/
root:~# initctl status redis-server
     Status : running
   Identity : redis-server
Description : Redis database server
     Origin : /etc/finit.d/redis.conf
Environment :
Condition(s): <+net/lo/up>
    Command : /usr/bin/redis-server /etc/redis/redis.conf
   PID file : /run/redis.pid
        PID : 835
       User : redis
      Group : redis
     Uptime : 30 day 16 hour 11 min 19 sec
   Restarts : 0 (0/10)
  Runlevels : [--2345----]
     Memory : 7.9M
     CGroup : /system/redis cpu 0-3 [100, max] mem [0, max]
              └─ 835 redis-server

Finit 4.4 can move cgroup resources if the process, say redis or memcached, was started using root user.

troglobit commented 1 year ago

Interesting. Thank you for reporting this, I'll have a look at it over the weekend!

troglobit commented 1 year ago

Confirmed. Regression introduced in a refactor when we added support for pre:/post:/ready: scripts. The fix will ensure we also run these scripts in the correct cgroup.