Usage of prctl subreaper in upstart user session

[Stéphane Graber]

Hi Ted,

Steve said you'd be the best point of contact to discuss using upstart
in the user session.


So, in our work to implement upstart user session, one thing we need to
do is get upstart notified of any managed job exiting. For pid 1, that's
easy as it'll always get the sigchld signal one way or another.
That's a bit more tricky with upstart running in the user session though
as it's not guaranteed to be the parent (direct or indirect) of the
processes spawned by the jobs.

To fix that situation, I've been working on a branch to use prctl's
subreaper, which effectively ensures that any process spawned by the
user's upstart and any children of that process will be reparented to
the user's upstart instead of pid 1 in the case of a double-fork.

The code seems all well and works fine as far as I can tell. It's also
very similar to what systemd is doing in some cases and to what
gnome-session appears to be doing nowadays.

One issue with this though is that the feature was only introduced in
the 3.4 kernel, so it's going to be a problem for users upgrading from
12.04 (3.2 kernel) to 14.04. Specifically if they logout and log back in
after upgrade before rebooting first.

We discussed this problem with James and Dmitrijs a few weeks back and
came up with a rather simple way of dealing with it, which I want to
check would satisfy your use case.
Basically, if upstart is started on a system that lacks the prctl
subreaper, it'll issue a warning (which will get to .xsession_errors)
and will emit a child-subreaper-failed event that jobs can use to notify
the user.

The only feature that will go missing if the prctl subreaper can't be
used is respawning dead processes as upstart won't be able to get
sigchld for processes that were reparented to pid 1. Stopping jobs will
also be a little less reliable as upstart will have to send a SIGTERM
and consider the job stopped without being able to check whether the job
actually exited.
While this may be a bit annoying if a critical process crashes, my
opinion is that it won't be any worse than what we have currently and
will only be a very temporary situation until the user reboots the
machine and gets a newer kernel.

Would the above work for you or do you see any potential problem with
that or think of a better way to deal with the 12.04->14.04 upgrade
scenario?

Merge proposal:
https://code.launchpad.net/~stgraber/upstart/upstart-prctl/+merge/136759

Specification:
https://wiki.ubuntu.com/FoundationsTeam/Specs/RaringUpstartUserSessions

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/upstart-devel/attachments/20121210/fd32ded8/attachment.pgp>