supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
From: Steve Litt <slitt@troubleshooters.com>
To: supervision@list.skarnet.org
Subject: Re: interesting claims
Date: Wed, 1 May 2019 03:26:14 -0400
Message-ID: <20190501032614.67c656b6@mydesk.domain.cxm>
In-Reply-To: <11997211556565598@myt6-27270b78ac4f.qloud-c.yandex.net>

On Mon, 29 Apr 2019 21:19:58 +0200
Jeff <sysinit@yandex.com> wrote:

> i came across some interesting claims recently. on
> http://skarnet.org/software/s6/
> it reads
> 
> "suckless init is incorrect, because it has no supervision
> capabilities, and thus, killing all processes but init can brick the
> machine."

Oh, that.

First of all, Suckless Init is a PID1 that forks an rc script and then
hangs around reaping zombies. You could use that rc file to run
supervision systems such as daemontools-encore and the supervision part
of runit and s6. So Suckless Init is the PID1 part of an init system.
It's 83 lines of C.

There are three philosophies: 

1) The supervision should be done by PID1: Supported by Laurent Bercot

2) The supervision should be done outside of PID1: Perhaps supported by
   Rich Felker in his http://ewontfix.com/about/

> 
> a rather bold claim IMO !
> where was the "correct" init behaviour specified ?
> where can i learn how a "correct" init has to operate ?
> or is it true since s6-svscan already provides such respawn
> capabilities ? ;-)
> 
> there is actually NO need for a "correct" working init implementation
> to provide respawn capabilities at all IMO.
> this can easily be done in/by a subprocess and has 2 advantages:
> 
> - it simplifies the init implementation
> 
> - process #1 is the default subprocess reaper on any unix
>   implementation and hence a lot of terminated zombie subprocesses
>   get assigned to it, subprocesses that were not started by it.
>   if it has respawn capabilities it has to find out if any of these
>   recently assigned but elsewhere terminated subprocesses is one of its
>   own children to be respawned. if it has lots of services to respawn
>   this means lots of unnecessary work that could also be done
>   in/by a subprocess as well.
> 
> when do you kill a non-supervised process running with UID 0
> "accidentally" ? when calling kill ( -1, SIGTERM ) ?
> the kernel protects special/important processes in this case from
> being killed "accidentally", that's true.
> but where do we usually see that ? in the shutdown stage, i guess.
> and that's exactly where one wants to kill all processes with PID > 1
> (sometimes excluding the calling process since it has to complete
> more tasks). or when going into single user mode.
> 
> so this looks like a rather artificial and constructed argument for
> the necessity of respawn functionality in an init implementation IMO.
> 



-- 
SteveT

Steve Litt 
January 2019 featured book: Troubleshooting: Just the Facts
http://www.troubleshooters.com/tjust
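
The reaping trade-off discussed in this message, as an added C example that is not part of the original email and is not code from sinit, runit or s6: a reaper that only collects zombies can discard every PID, while one that also respawns must look each reaped PID up in its service table. The names `spawn`, `reap_all`, `svc_pid` and the scenario are assumptions made for illustration; the unsupervised children stand in for orphans that PID 1 would inherit.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_SVC 8
static pid_t svc_pid[MAX_SVC];  /* hypothetical table of supervised services */
static int svc_count;
struct reap_stats { int own; int foreign; };

/* Fork a child that exits at once; record its PID only if it is supervised. */
static pid_t spawn(int supervised)
{
    pid_t pid = fork();
    if (pid == 0)
        _exit(0);               /* child: stand-in for a process that died */
    if (pid > 0 && supervised && svc_count < MAX_SVC)
        svc_pid[svc_count++] = pid;
    return pid;
}

static int is_service(pid_t pid)
{
    for (int i = 0; i < svc_count; i++)
        if (svc_pid[i] == pid)
            return 1;
    return 0;
}

/* Reap until no children remain. A reap-only PID 1 would stop at waitpid();
 * a respawning one pays for the is_service() lookup on every zombie. A real
 * init would do this from a SIGCHLD-driven loop with WNOHANG instead. */
static struct reap_stats reap_all(void)
{
    struct reap_stats st = {0, 0};
    for (;;) {
        pid_t pid = waitpid(-1, NULL, 0);
        if (pid < 0 && errno == EINTR) continue;
        if (pid < 0) break;     /* ECHILD: nothing left to reap */
        if (is_service(pid)) st.own++; else st.foreign++;
    }
    return st;
}

/* Constructed scenario: 2 supervised services, 3 unrelated children. */
static struct reap_stats demo(void)
{
    svc_count = 0;
    spawn(1); spawn(1); spawn(0); spawn(0); spawn(0);
    return reap_all();
}

int main(void)
{
    struct reap_stats s = demo();
    printf("to respawn: %d, merely reaped: %d\n", s.own, s.foreign);
    return 0;
}
```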

