Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sandbox/cgroup: improve cgroup-based process termination algorithm #14513

Merged
merged 15 commits into from
Oct 1, 2024
Merged

sandbox/cgroup: improve cgroup-based process termination algorithm #14513

merged 15 commits into from
Oct 1, 2024

Commits on Sep 29, 2024

  1. sandbox/cgroup: improve cgroup-based process termination algorithm 

    unify termination algorithm for v1/v2
- for each snap cgroup:
  - while cgroup.procs is not empty:
    - SIGKILL each pid in cgroup.procs
- for v1 only, also kill pids found in freezer cgroup created by snap-confine
  - this is relevant for systemd v237 (used in ubuntu 18.04) for non-root users where the transient scope cgroups are not created

This logic drops the freeze/kill/thaw approach with all the weird v1/v2/kernel backward compatibility.

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    9da9133 View commit details
    Browse the repository at this point in the history

  2. sandbox/cgroup: address review comments 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    8e24620 View commit details
    Browse the repository at this point in the history

  3. tests: add a fork bomb variant for tests/main/snap-remove-terminate 

    This test variant stress-tests the new algorithm where snapd could be racing
after a fork bomb without doing freezing first by continuously killing pids
that show up until all pids are drained from cgroup.

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    577196c View commit details
    Browse the repository at this point in the history

  4. tests: address review comments 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    1f0f275 View commit details
    Browse the repository at this point in the history

  5. many: address review comments 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    f0012ce View commit details
    Browse the repository at this point in the history

  6. tests: fix wrong binary path 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    c4cfbd7 View commit details
    Browse the repository at this point in the history

  7. sandbox/cgroup: address fork bombs in KillSnapProcesses 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    8013083 View commit details
    Browse the repository at this point in the history

  8. sandbox/cgroup: add context propagation and timeout to killProcessesI… 

    …nCgroup

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    310f356 View commit details
    Browse the repository at this point in the history

  9. sandbox/cgroup: don't use freezer cgroup for tracking in KillSnapProc… 

    …esses for v1

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    37c8531 View commit details
    Browse the repository at this point in the history

  10. many: sync snap-confine and kill-snap-apps task 

    This syncs snap-confine and this task to make sure they are not racing
on two important resources:
   - Remove inhibition lock (which snap-confine exits when observing)
   - V1 freezer cgroup (which snap-confine creates and joins)

This is needed to address an issue in systemd v237 (used by Ubuntu 18.04) for
non-root users where no tracking transient scope cgroups are created except
the freezer cgroup which is created in snap-confine after the inhibition lock
is release by "snap run".

Effectively the sequence below is followed:
- kill-snap-apps task holds snap lock
- kill-snap-apps holds remove inhibition lock
- snap-confine holds snap lock
- snap-confine exits if remove inhibition lock exists
- snap-confine creates/joins freezer

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    d8f0ddd View commit details
    Browse the repository at this point in the history

  11. sandbox/cgroup: freeze/thaw per cgroup when killing snap apps on cgor… 

    …up v1

When sending SIGKILL signals to snap pids in a frozen v1 cgroup a thaw must
be done for those signals to take effect.

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    b218ec5 View commit details
    Browse the repository at this point in the history

  12. tests/main/snap-remove-terminate: prevent fork-bomb variant from dest… 

    …roying test machine

The fork-bomb test variant was destroying test machines especially those with
older systemd versions where DefaultTaskMax was unlimited.

This runs the fork-bomb test variant under a separate user whose TasksMax is
limited.

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    eeeb1ab View commit details
    Browse the repository at this point in the history

  13. tests/main/snap-remove-terminate: skip amazon-linux-2 for fork-bomb v… 

    …ariant

Amazon Linux 2 does not support systemd --user needed by the
fork-bomb variant of the test.

Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    0006bc5 View commit details
    Browse the repository at this point in the history

  14. many: address review comments 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 29, 2024
    Configuration menu
    Copy the full SHA
    1ffcb7c View commit details
    Browse the repository at this point in the history

Commits on Sep 30, 2024

  1. many: fix comment typos 

    Signed-off-by: Zeyad Gouda <[email protected]>
    @ZeyadYasser
    ZeyadYasser committed Sep 30, 2024
    Configuration menu
    Copy the full SHA
    9454158 View commit details
    Browse the repository at this point in the history