Details
-
Task
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
Description
When reviewing the units in the pull request for systemd socket activation, I suggested configuring the services using KillMode=mixed to gain more control over shutdown for anything that has a subprocess.
The units I reviewed use the default, which is KillMode=control-group, which sends SIGTERM signals to all processes in the control group simultaneously. Unless the daemon and its children are designed to have child processes stopped this way, this is often disruptive to orderly shutdown. For example, a parent process might have a child shut down and disappear before it attempts to send a signal to a now-missing PID.
So, I usually encourage projects to consider KillMode=mixed if there's any chance of having child processes and the behavior of KillMode=control-group isn't explicitly desired.
I've seen some remarks on using SendSIGKill=No, which I would discourage. If you need an unbounded shutdown time, I would instead use TimeoutStopSec=infinity, which is still undesirable. I don't actually see much use case behind SendSIGKill=No these days, as it's better to control the conditions that trigger forcible cleanup than to disable the mechanism for it.
Attachments
Issue Links
- relates to
-
MDEV-5536 Support systemd socket activation
- Closed