From: Danny Milosavljevic
Subject: Re: Improving Shepherd
Date: Mon, 5 Feb 2018 17:00:11 +0100
Message-ID: <20180205170011.73780f13@scratchpost.org>
To: Carlo Zancanaro
Cc: guix-devel@gnu.org

Hi Carlo,

On Mon, 05 Feb 2018 21:49:08 +1100 Carlo Zancanaro wrote:

> User services - Alex has already sent a patch to the list to allow
> generating user services from the Guix side. The idea is to
> generate a Shepherd config file, allowing a user to invoke
> shepherd manually to start their services.
> A further extension to
> this would be to have something like systemd's "user sessions",
> where the pid 1 Shepherd automatically starts a user's services
> when they log in.

I assume that means "starts a user's shepherd when they log in".

elogind already emits a signal on dbus which tells you when a user logged in

        return sd_bus_emit_signal(
                        u->manager->bus,
                        "/org/freedesktop/login1",
                        "org.freedesktop.login1.Manager",
                        new_user ? "UserNew" : "UserRemoved",
                        "uo", (uint32_t) u->uid, p);

Also, a directory /run/user/ appears - which alternatively can be monitored
by inotify or something.

So the system shepherd could have a shepherd service which does

        while (1) {
                wait until /run/user/ appears
                vfork
                if child: setuid, exec user shepherd, _exit
                if parent: wait until child dies
        }

We better be sure that no one else can create directories in /run/user .

In non-pseudocode, both "wait until /run/user/ appears" and "wait until child
dies" would have to be in the same call, maybe epoll or something.

Maybe call the service shepherd-nursery-service or something, like a star
nursery :)

> Child process control - this is my personal frustration, where
> Shepherd loses track of processes that fork away (e.g. "emacs
> --daemon"). I barely know anything about Linux process management,
> but from my reading this can be solved through Linux namespaces
> (if user namespaces are available). Could someone who knows more
> about this let me know if that's a productive direction for me to
> investigate? Or tell me a better way to go about it?

User namespaces just present a different set of names to your process (via
VFS) so it looks like a chroot basically. It does nothing for processes
except fake their ids and limit your overview of them.

You probably want process groups (see setsid(2)) or maybe containers.
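
The two safety points in the pseudocode above (nobody else may create entries in /run/user, and the child must really be the user before it execs) are sketched here as an added example; it is not part of the original mail and is not Shepherd or elogind code. The function names and the trusted_owner parameter are hypothetical, and it assumes the directory name is the decimal uid.

```c
/* Added example: checks before starting a per-user shepherd (hypothetical names). */
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Parse a directory name as a decimal uid; rejects "", "01", "1x", "../0". */
int parse_uid(const char *name, uid_t *out) {
    unsigned long long v = 0;
    if (!name[0] || (name[0] == '0' && name[1])) return -1;
    for (const char *p = name; *p; p++) {
        if (*p < '0' || *p > '9') return -1;
        v = v * 10 + (unsigned)(*p - '0');
        if (v >= 0xffffffffULL) return -1;   /* (uid_t)-1 is reserved */
    }
    *out = (uid_t)v;
    return 0;
}

/* 0 only if the parent is owned by trusted_owner (assumed root in production),
 * is not group/other-writable, and NAME is a real directory (no symlink)
 * owned by the uid its name spells. */
int runtime_dir_trusted(int parent_fd, const char *name, uid_t trusted_owner, uid_t *uid) {
    struct stat ps, cs;
    if (parse_uid(name, uid) < 0 || fstat(parent_fd, &ps) < 0) return -1;
    if (!S_ISDIR(ps.st_mode) || ps.st_uid != trusted_owner ||
        (ps.st_mode & (S_IWGRP | S_IWOTH))) return -1;
    if (fstatat(parent_fd, name, &cs, AT_SYMLINK_NOFOLLOW) < 0) return -1;
    return (S_ISDIR(cs.st_mode) && cs.st_uid == *uid) ? 0 : -1;
}

/* Child side, after fork() (not vfork(): this calls more than exec/_exit).
 * Groups first, then gid, then uid; afterwards root must be unreachable. */
void drop_privileges_or_die(uid_t uid) {
    struct passwd *pw = getpwuid(uid);
    if (!pw || initgroups(pw->pw_name, pw->pw_gid) < 0 ||
        setgid(pw->pw_gid) < 0 || setuid(uid) < 0) _exit(126);
    if (uid != 0 && setuid(0) == 0) _exit(126);
}

int main(void) {   /* reports on the caller's own /run/user entry */
    char name[32]; uid_t uid;
    int fd = open("/run/user", O_RDONLY | O_DIRECTORY);
    snprintf(name, sizeof name, "%lu", (unsigned long)geteuid());
    int ok = fd >= 0 && runtime_dir_trusted(fd, name, 0, &uid) == 0;
    printf("/run/user/%s: %s\n", name, ok ? "trusted" : "rejected");
    return 0;
}
```

The supervisor would call runtime_dir_trusted() on each new entry and only then fork, with the child calling drop_privileges_or_die() immediately before exec.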