From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Laurent Bercot"
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: how to handle system shutdown ?
Date: Fri, 03 May 2019 19:25:47 +0000
References: <11997211556565598@myt6-27270b78ac4f.qloud-c.yandex.net> <20190501033355.6e41e707@mydesk.domain.cxm> <20616231556847420@myt3-2475c4d2af83.qloud-c.yandex.net>
To: "supervision@list.skarnet.org"
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
In-Reply-To: <20616231556847420@myt3-2475c4d2af83.qloud-c.yandex.net>

> but one can do without it and call the shutdown script by hand
> which in the end does the reboot(2) call itself, that's perfectly
> possible and the classical BSD way, so process #1 does not even
> need to do the system shutdown itself.
That's relying on a behaviour that Linux implements, and possibly BSD too, but that is not specified in POSIX: that the process that does a kill(-1, signal) is not affected by the kill() call.

Before the reboot(2) system call, at some point you need to kill all processes ("kill -9 -1") so you can unmount filesystems and *then* call reboot(2). With the extended behaviour, the process that performs the kill -9 -1 survives, and can then go on to "stage 4", i.e. unmounting everything and telling the hardware to halt/reboot.

But that is not POSIX. POSIX specifies that the kill signal will be sent to all processes "excluding an unspecified set of system processes". pid 1 is naturally part of those "system processes", but a shell, or a program that performs the shutdown sequence, with a random pid, cannot be.

The only ways to perform a proper shutdown sequence that strictly conforms to POSIX are:
- do it in pid 1
- do it *under a supervision tree*. When the shutdown sequence kills everything, it may also kill itself; if that is the case, it is restarted by the supervision tree, and can then go on to stage 4.

The shutdown sequence generated by the current s6-linux-init-maker does the former. The shutdown sequence in the upcoming s6-linux-init performs the latter.

It is not strictly necessary to do so on Linux, nor apparently on BSD, since those systems ensure the survival of the process sending the big nuke. But you need to be aware of this implementation detail before advertising the "classical BSD way". :)

-- 
Laurent
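As an added illustration of the "under a supervision tree" approach described above (this is example code, not Laurent's script and not s6-linux-init's own implementation): a shutdown script that records the stage it is about to enter in a state file before sending the big kill. If strict POSIX semantics apply and the script kills itself with `kill -9 -1`, the supervisor restarts it; the new instance reads the mark and resumes at stage 4 instead of repeating earlier stages. The state-file path `/run/shutdown.stage`, the `stop-services` command and the `DRY_RUN` switch are assumptions of this example; in dry-run mode (the default here) destructive commands are only logged.

```shell
#!/bin/sh
# Added example (not s6-linux-init code): a shutdown script that can be run
# as a supervised service and survive its own "kill -9 -1" by persisting the
# stage it is about to enter. On Linux/BSD the sender is exempt from the kill
# and simply continues; under strict POSIX it may die and be restarted by the
# supervision tree, in which case the mark on disk sends it straight to stage 4.

STATE_FILE="${STATE_FILE:-/run/shutdown.stage}"   # assumed path for the mark
LOG="${LOG:-/tmp/shutdown-demo.log}"              # dry-run trace of actions
DRY_RUN="${DRY_RUN:-1}"                           # 1 = log only, 0 = execute

# Run a destructive command for real, or just record it in dry-run mode.
act() {
  if [ "$DRY_RUN" = 1 ]; then
    printf 'would run: %s\n' "$*" >> "$LOG"
  else
    "$@"
  fi
}

# Stage recorded by a previous (possibly killed) run, or "start" if none.
current_stage() {
  if [ -r "$STATE_FILE" ]; then
    cat "$STATE_FILE"
  else
    echo start
  fi
}

# Record the stage we are about to enter. Written and synced *before* the
# action so the mark is on disk even if the action kills this process.
mark_stage() {
  printf '%s\n' "$1" > "$STATE_FILE"
  sync
}

run_shutdown() {
  case "$(current_stage)" in
    start)
      # Stages 1-3: stop the supervised services (stop-services is a
      # placeholder for whatever the system uses), then send the big kill.
      mark_stage killing
      act stop-services
      act kill -9 -1
      # Reaching this line means the kill did not take us down (Linux/BSD
      # behaviour). Under strict POSIX we may instead be re-executed by the
      # supervisor with the "killing" mark already present.
      ;;
    killing)
      # Restarted after the kill: every other process is already gone,
      # so do not stop services or send the kill again.
      ;;
    *)
      printf 'refusing to run: unknown stage in %s\n' "$STATE_FILE" >&2
      return 1
      ;;
  esac

  # Stage 4: nothing else is running; unmount and hand over to the kernel.
  act umount -a
  act reboot
  rm -f "$STATE_FILE"   # clean up the mark (only meaningful in dry-run mode)
}

# Invoke as "sh shutdown.sh run"; when sourced, only the functions are defined.
if [ "${1:-}" = run ]; then
  run_shutdown
fi
```

The point of the `mark_stage` call before `act kill -9 -1` is that, if the script is itself among the victims, the restarted instance must be able to tell the kill has already been sent; marking after the kill would be too late, and re-running stages 1-3 from a supervised restart would loop. For this to work at all, the script has to be started by the supervisor (so it is restarted), which is exactly why pid 1 or a supervision tree is required for the POSIX-only case.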