|
|
Log in / Subscribe / Register

Another daemon for managing control groups

Another daemon for managing control groups

Posted Dec 17, 2013 18:07 UTC (Tue) by hummassa (guest, #307)
In reply to: Another daemon for managing control groups by Jonno
Parent article: Another daemon for managing control groups

> PID 1 enjoys a privileged position and the kernel makes sure it never ever dies for any reason whatsoever

AFAICT the kernel dies and locks the machine out if PID 1 dies.

to post comments

Another daemon for managing control groups

Posted Dec 17, 2013 18:14 UTC (Tue) by mathstuf (subscriber, #69389) [Link]

I think it "just" panics. At that point, PID numbers are pretty useless I'd think :) .

Systemd's behavior in the face of a fatal error is to enter an infinite loop rather than dying[2].

[1]http://cgit.freedesktop.org/systemd/systemd/tree/src/core...
[2]http://cgit.freedesktop.org/systemd/systemd/tree/src/shar...

Another daemon for managing control groups

Posted Dec 17, 2013 19:23 UTC (Tue) by Jonno (guest, #49613) [Link]

> AFAICT the kernel dies and locks the machine out if PID 1 dies.
The kernel will panic if PID 1 exits on its own, but it will protect it from all outside interference (including blocking the normally unblockable SIGKILL and SIGSTOP), so as long as you handle all normal signals and never call exit() or return from main() you are golden.

As noted above systemd will enter an infinite loop (always yielding it's time slot back to the scheduler as to not monopolize the CPU) in the signal handler for any error signal it can't handle more gracefully, but that is only to protect from internal bugs, and not a normal operational condition, which a dying cgmanager would be.

Another daemon for managing control groups

Posted Dec 18, 2013 9:45 UTC (Wed) by anselm (subscriber, #2796) [Link] (4 responses)

The kernel won't lock the machine if PID 1 dies; it will complain but keep running by itself.

The legend goes that there used to be people whose PID 1 would set up a bunch of iptables rules and associated config and then exit – which would give you a firewall/router that was absolutely free from outside interference if a bit inconvenient to manage.

Another daemon for managing control groups

Posted Dec 18, 2013 15:14 UTC (Wed) by raven667 (guest, #5198) [Link]

I've had that happen, but not intentionally 8-) I've had devices too where the block device died but everything that was commonly used an in RAM/cache was still accessible, that machine actually ran for a year or two in that state doing its job before it could be decommissioned.

Another daemon for managing control groups

Posted Dec 18, 2013 18:33 UTC (Wed) by dlang (guest, #313) [Link]

I did that once, as much to show I could as anything else.

Another daemon for managing control groups

Posted Jan 17, 2014 10:27 UTC (Fri) by etienne (guest, #25256) [Link] (1 responses)

> ... let PID 1 exit to have a secure router ...

I have a new question to an old answer, to secure a system after it has been correctly configured:
Can you get rid of /bin/sh (i.e. any sort of shell: bash, ksh, zsh...) and still have a booting computer if you use systemd?
That would be very difficult to try to compromise a computer if the shell has been removed...

Another daemon for managing control groups

Posted Jan 17, 2014 10:36 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Yes, it's absolutely possible to boot a computer without any shell using systemd.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds