author | Lennart Poettering <lennart@poettering.net> | 2023-03-29 22:07:22 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-04-13 06:44:27 +0200 |
commit | b9c1883a9cd9b5126fe648f3e198143dc19a222d (patch) | |
tree | f31bf560425d33c0d6933b20fe724e11942d6206 /man/systemd.service.xml | |
parent | service: rework how we release resources (diff) | |
download | systemd-b9c1883a9cd9b5126fe648f3e198143dc19a222d.tar.xz systemd-b9c1883a9cd9b5126fe648f3e198143dc19a222d.zip |
service: add ability to pin fd store

Oftentimes it is useful to allow the per-service fd store to survive
longer than for a restart. This is useful in various scenarios:

1. An fd to some security relevant object needs to be stashed somewhere,
   that should not be cleaned automatically, because the security
   enforcement would be dropped then.

2. A user namespace fd should be allocated on first invocation and be
   kept around until the user logs out (i.e. systemd --user ends), à la
   #16328 (This does not implement what #16318 asks for, but should
   solve the use-case discussed there.)

3. There's interest in allowing a concept of "userspace reboots" where the
   kernel stays running, and userspace is swapped out (i.e. all services
   exit, and the rootfs transitioned into a new version of it) while
   keeping some select resources pinned, very similar to how we
   implement a switch root. Thus it is useful to allow services to exit,
   while leaving their fds around till the very end.

This is exposed through a new FileDescriptorStorePreserve= setting that
is closely modelled after RuntimeDirectoryPreserve= (in fact it reused
the same internal type), since we want similar behaviour in the end, and
quite often they probably want to be used together.
Diffstat (limited to 'man/systemd.service.xml')
-rw-r--r-- | man/systemd.service.xml | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 1b116b8372..7de1350a59 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -1066,7 +1066,7 @@ <literal>FDSTORE=1</literal> messages. This is useful for implementing services that can restart after an explicit request or a crash without losing state. Any open sockets and other file descriptors which should not be closed during the restart may be stored this way. Application state - can either be serialized to a file in <filename>/run/</filename>, or better, stored in a + can either be serialized to a file in <varname>RuntimeDirectory=</varname>, or stored in a <citerefentry><refentrytitle>memfd_create</refentrytitle><manvolnum>2</manvolnum></citerefentry> memory file descriptor. Defaults to 0, i.e. no file descriptors may be stored in the service manager. All file descriptors passed to the service manager from a specific service are passed back @@ -1075,7 +1075,8 @@ details about the precise protocol used and the order in which the file descriptors are passed). Any file descriptors passed to the service manager are automatically closed when <constant>POLLHUP</constant> or <constant>POLLERR</constant> is seen on them, or when the service is - fully stopped and no job is queued or being executed for it. If this option is used, + fully stopped and no job is queued or being executed for it (the latter can be tweaked with + <varname>FileDescriptorStorePreserve=</varname>, see below). If this option is used, <varname>NotifyAccess=</varname> (see above) should be set to open access to the notification socket provided by systemd. If <varname>NotifyAccess=</varname> is not set, it will be implicitly set to <option>main</option>.</para> 
@@ -1098,6 +1099,22 @@ </varlistentry> <varlistentry> + <term><varname>FileDescriptorStorePreserve=</varname></term> + <listitem><para>Takes one of <constant>no</constant>, <constant>yes</constant>, + <constant>restart</constant> and controls when to release the service's file descriptor store + (i.e. when to close the contained file descriptors, if any). If set to <constant>no</constant> the + file descriptor store is automatically released when the service is stopped; if + <constant>restart</constant> (the default) it is kept around as long as the unit is neither inactive + nor failed, or a job is queued for the service, or the service is expected to be restarted. If + <constant>yes</constant> the file descriptor store is kept around until the unit is removed from + memory (i.e. is not referenced anymore and inactive). The latter is useful to keep entries in the + file descriptor store pinned until the service manage exits.</para> + + <para>Use <command>systemctl clean --what=fdstore …</command> to release the file descriptor store + explicitly.</para></listitem> + </varlistentry> + + <varlistentry> <term><varname>USBFunctionDescriptors=</varname></term> <listitem><para>Configure the location of a file containing <ulink |
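Review bot: In the first hunk (@@ -1066,7 +1066,7), the replacement line now recommends RuntimeDirectory= for serialized application state, but nothing in this sentence or in the new entry mentions RuntimeDirectoryPreserve=, even though the commit message says FileDescriptorStorePreserve= is modelled on it and that the two will often be used together. Suggest adding a cross-reference to RuntimeDirectoryPreserve= here or in the new entry, so that readers who pin the fd store also consider the lifetime of the state files that describe those fds. The change also drops the "or better" preference for memfd_create(2); if that ranking is intentionally withdrawn, a word in the commit message would help.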
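Review bot: In the second hunk (@@ -1075,7 +1075,8), the added parenthetical "(the latter can be tweaked with FileDescriptorStorePreserve=, see below)" is vague about what "the latter" covers and what "tweaked" means. Suggest wording along the lines of "(release on stop can be delayed with FileDescriptorStorePreserve=, see below)", and stating in the new entry that the automatic close on POLLHUP or POLLERR still applies regardless of the setting, if that is the case. For the security-relevant fds the commit message describes, readers need to know which of the two release conditions the setting actually affects.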
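Review bot: In the third hunk (@@ -1098,6 +1099,22), the description of restart reads "as long as the unit is neither inactive nor failed, or a job is queued for the service, or the service is expected to be restarted", which leaves it unclear how the negated condition combines with the two "or" clauses. Suggest restating it as a list of conditions under which the store is kept, any one of which suffices. There is also a typo in the last sentence of the first paragraph: "until the service manage exits" should be "until the service manager exits". Finally, the values are listed as no, yes, restart while the explanations follow the order no, restart, yes; using one order throughout would read more easily.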