[Bug 1561658] Re: ppc64el ssh sessions don't run in session cgroup but in sshd's

Wed Mar 30 13:26:16 UTC 2016

Hi Martin,

The ssh session controller here is different from yours:

$ egrep 'systemd|pids' /proc/self/cgroup
11:pids:/system.slice/ssh.service
1:name=systemd:/system.slice/ssh.service

$ cat /sys/fs/cgroup/pids/system.slice/pids.max 
max

$ cat /sys/fs/cgroup/pids/system.slice/ssh.service/pids.max 
512

Here are the evidences you requested (journal.txt is attached above this
comment):

$ cat /proc/self/cgroup
11:perf_event:/
10:blkio:/
9:memory:/
8:net_cls,net_prio:/
7:freezer:/
6:cpuset:/
5:cpu,cpuacct:/
4:devices:/system.slice/ssh.service
3:hugetlb:/
2:pids:/system.slice/ssh.service
1:name=systemd:/system.slice/ssh.service

No error messages in "sudo journalctl -t sshd":
$ sudo journalctl -t sshd -l
-- Logs begin at Wed 2016-03-30 09:55:43 BRT, end at Wed 2016-03-30 10:01:01 BRT. --
Mar 30 09:55:44 gromero2 sshd[1902]: Server listening on 0.0.0.0 port 22.
Mar 30 09:55:44 gromero2 sshd[1902]: Server listening on :: port 22.
Mar 30 09:57:29 gromero2 sshd[1942]: Accepted publickey for gromero from 192.168.122.1 port 46308 ssh2: RSA SHA256:KD/WZk56NzE26ubz6Aw8LE1RdJfeQlRzJ36wwYHyE0c
Mar 30 09:57:29 gromero2 sshd[1942]: pam_unix(sshd:session): session opened for user gromero by (uid=0)

$XDG_SESSION_ID is unset, echo $XDG_SESSION_ID shows nothing.

$ sudo journalctl -t systemd-logind
-- Logs begin at Wed 2016-03-30 09:55:43 BRT, end at Wed 2016-03-30 10:03:34 BRT. --
Mar 30 09:55:44 gromero2 systemd-logind[1780]: New seat seat0.

$ loginctl
   SESSION        UID USER             SEAT            

0 sessions listed.

$ loginctl show-session $XDG_SESSION_ID
EnableWallMessages=no
NAutoVTs=6
KillExcludeUsers=root
KillUserProcesses=no
RebootToFirmwareSetup=no
IdleHint=yes
IdleSinceHint=0
IdleSinceHintMonotonic=0
InhibitDelayMaxUSec=5s
HandlePowerKey=poweroff
HandleSuspendKey=suspend
HandleHibernateKey=hibernate
HandleLidSwitch=suspend
HandleLidSwitchDocked=ignore
HoldoffTimeoutUSec=30s
IdleAction=ignore
IdleActionUSec=30min
PreparingForShutdown=no
PreparingForSleep=no
Docked=no

Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1561658

Title:
  ppc64el ssh sessions don't run in session cgroup but in sshd's

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  On Ubuntu 16.04/ppc64el, the cgroup for a user session (bash) inherits
  from a sshd.service, when the user logs into the machine using SSH.

  This causes the amount of process to be limited by
  /etc/systemd/system/conf DefaultTasksMax=512

  This does not seem to happen on amd64. This is a cgroup tree diff:

  On x64, bash (in this case, PID 19405 ) spawned by sshd belongs to CGROUP session-5.scope->user-1003.slice->user.slice: 

  └─user.slice
    ├─user-1000.slice
    │ ├─session-1.scope
    │ │ ├─634 sshd: brenohl [priv]
    │ │ ├─660 sshd: brenohl at pts/0 
    │ │ └─661 -bash
    │ └─user at 1000.service
    │   ├─636 /lib/systemd/systemd --user
    │   └─637 (sd-pam)  
    └─user-1003.slice
      ├─session-5.scope
      │ ├─19379 sshd: gromero [priv]
      │ ├─19404 sshd: gromero at pts/1 
      │ ├─19405 -bash

  However, in ppc64le, bash (in this case, PID 1913), spawned by sshd
  belongs to CGROUP ssh.service->system.slice->-.slice:

  -.slice
  ├─1720 /sbin/cgmanager -m name=systemd
  ├─init.scope
  └─system.slice
    ├─dbus.service
    │ └─1699 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
    ├─cron.service
    │ └─1702 /usr/sbin/cron -f
    ├─ifup at eth0.service
    │ └─1833 /sbin/dhclient 
    ├─accounts-daemon.service
    │ └─1717 /usr/lib/accountsservice/accounts-daemon
    ├─system-serial\x2dgetty.slice
    │ └─serial-getty at hvc0.service
    │   └─1875 /sbin/agetty --keep-baud 115200 38400 9600 hvc0 vt220
    ├─systemd-journald.service
    │ └─1382 /lib/systemd/systemd-journald
    ├─systemd-timesyncd.service
    │ └─1639 /lib/systemd/systemd-timesyncd
    ├─ssh.service
    │ ├─1863 /usr/sbin/sshd -D
    │ ├─1897 sshd: gromero [priv]
    │ ├─1912 sshd: gromero at pts/0 
    │ ├─1913 -bash

  Having the user session associated with the systemd cgroups (/system.slice/ssh.service) instead of normal user/session cgroups (as user-XXXX.slice/session-5.scope), causes the process to be limited to the systemd TasksMax limit, thus, causing "Cannot fork" and "Resource temporary unavailable" problems when the amount of processes reaches this 512 limit.

  Gustavo Romero has more details about this problem, and will comment
  soon.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1561658/+subscriptions