[Bug 2015126] Re: systemd doesn't successfully enforce RuntimeMaxSec for gnome session
Steve Langasek
2015126 at bugs.launchpad.net
Fri Apr 21 17:52:40 UTC 2023
On Fri, Apr 21, 2023 at 03:57:58PM -0000, Nick Rosbrook wrote:
> Also, to check the active runtime, can you use `systemctl show
> --property=ActiveEnterTimestamp session-X.scope`? Or just show the full
> output of systemctl status session-X.scope. It should inform us if it is
> counting up to RuntimeMaxSec.
A test session with a 5-minute limit:
# systemctl status session-35.scope --no-pager -l | sed -e's/User .*/User foo/'
● session-35.scope - Session 35 of User foo
Loaded: loaded (/run/systemd/transient/session-35.scope; transient)
Transient: yes
Active: active (running) since Fri 2023-04-21 10:42:20 PDT; 2min 15s ago
Tasks: 18
Memory: 56.8M
CPU: 2.325s
CGroup: /user.slice/user-1000.slice/session-35.scope
├─15573 "gdm-session-worker [pam/gdm-password]"
├─15745 /usr/bin/gnome-keyring-daemon --daemonize --login
├─15749 /usr/libexec/gdm-x-session --run-script "env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --session=ubuntu"
├─15751 /usr/lib/xorg/Xorg vt3 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -background none -noreset -keeptty -novtswitch -verbose 3
└─15762 /usr/libexec/gnome-session-binary --session=ubuntu
Apr 21 10:42:21 virgil /usr/libexec/gdm-x-session[15799]: dbus-update-activation-environment: setting QT_ACCESSIBILITY=1
Apr 21 10:42:21 virgil gnome-keyring-daemon[15745]: The Secret Service was already initialized
Apr 21 10:42:21 virgil gnome-keyring-daemon[15745]: The PKCS#11 component was already initialized
Apr 21 10:42:21 virgil gnome-keyring-daemon[15745]: The SSH agent was already initialized
Apr 21 10:42:21 virgil /usr/libexec/gdm-x-session[15751]: (II) modeset(0): EDID vendor "AUO", prod id 4204
Apr 21 10:42:21 virgil /usr/libexec/gdm-x-session[15751]: (II) modeset(0): Printing DDC gathered Modelines:
Apr 21 10:42:21 virgil /usr/libexec/gdm-x-session[15751]: (II) modeset(0): Modeline "1366x768"x0.0 69.30 1366 1414 1446 1454 768 771 777 793 -hsync -vsync (47.7 kHz eP)
Apr 21 10:42:25 virgil /usr/libexec/gdm-x-session[15751]: (II) modeset(0): EDID vendor "AUO", prod id 4204
Apr 21 10:42:25 virgil /usr/libexec/gdm-x-session[15751]: (II) modeset(0): Printing DDC gathered Modelines:
Apr 21 10:42:25 virgil /usr/libexec/gdm-x-session[15751]: (II) modeset(0): Modeline "1366x768"x0.0 69.30 1366 1414 1446 1454 768 771 777 793 -hsync -vsync (47.7 kHz eP)
# systemctl show --property=ActiveEnterTimestamp session-35.scope
ActiveEnterTimestamp=Fri 2023-04-21 10:42:20 PDT
# systemctl show --property=RuntimeMaxUSec session-35.scope
RuntimeMaxUSec=5min
#
# date
Fri Apr 21 10:52:23 PDT 2023
#
Still running past the limit.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2015126
Title:
systemd doesn't successfully enforce RuntimeMaxSec for gnome session
Status in systemd package in Ubuntu:
Triaged
Status in systemd source package in Jammy:
Triaged
Status in systemd source package in Kinetic:
Triaged
Bug description:
On Jammy, I have configured systemd to set RuntimeMaxSec on certain
user sessions:
# cat /run/systemd/transient/session-43.scope
# This is a transient unit file, created programmatically via the systemd API. Do not edit.
[Scope]
Slice=user-1000.slice
[Unit]
Description=Session 43 of User xavier
Wants=user-runtime-dir at 1000.service
Wants=user at 1000.service
After=systemd-logind.service
After=systemd-user-sessions.service
After=user-runtime-dir at 1000.service
After=user at 1000.service
RequiresMountsFor=/home/xavier
[Scope]
SendSIGHUP=yes
TasksMax=infinity
RuntimeMaxSec=2h
#
I have verified that this does what's expected on an ssh session, and
kills the session when the runtime max has been reached.
But on a GNOME login session (using X), this apparently doesn't work:
the session is still running 17 hours after it should have been
terminated.
My guess is that systemd is ending the session by sending a signal
that is being ignored by the GNOME login session?
RuntimeMaxSec is not very useful if it's advisory...
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: systemd 249.11-0ubuntu3.7
ProcVersionSignature: Ubuntu 5.19.0-38.39~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-38-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Mon Apr 3 12:20:22 2023
InstallationDate: Installed on 2023-01-22 (70 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
MachineType: LENOVO 2306CTO
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.19.0-38-generic root=UUID=c415e6a8-5cd2-4d08-913d-14c00b792374 ro quiet splash vt.handoff=7
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 10/25/2013
dmi.bios.release: 2.57
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET97WW (2.57 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2306CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Defined
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.ec.firmware.release: 1.13
dmi.modalias: dmi:bvnLENOVO:bvrG2ET97WW(2.57):bd10/25/2013:br2.57:efr1.13:svnLENOVO:pn2306CTO:pvrThinkPadX230:rvnLENOVO:rn2306CTO:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:skuLENOVO_MT_2306:
dmi.product.family: ThinkPad X230
dmi.product.name: 2306CTO
dmi.product.sku: LENOVO_MT_2306
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2015126/+subscriptions
More information about the foundations-bugs
mailing list