Incomplete initialization of user-$UID.slice disturbing per-user resource control

[ghost]

systemd version the issue has been seen with

239-5 in Debian unstable

Used distribution

Debian unstable running in a systemd-nspawn on debian unstable.

Expected behaviour you didn't see

With configuration

ryutaroh@unstable-plain:~$ systemctl cat user-$UID.slice
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
(deleted lines here)
# /etc/systemd/system/user-.slice.d/memhigh.conf
[Slice]
MemoryHigh=4G

The resource control file /sys/fs/cgroup/user.slice/user-$UID.slice/memory.high should be 4294967296

Unexpected behaviour you saw

We do not have /sys/fs/cgroup/user.slice/user-$UID.slice/memory.high and the resource control is not functioning. I am pretty sure that this issue is just another symptom of 9502 and 9512 because the common workaround prevents this issue from appearing.

Steps to reproduce the problem

1. Enable the unified cgroup hierarchy for systemd.

2. Make the following file as /etc/systemd/system/user-.slice.d/memhigh.conf

[Slice]
MemoryHigh=4G

3. Login and see /sys/fs/cgroup/user.slice/user-$UID.slice/memory.high

[poettering]

What does "systemctl status" say on "user-$UID.slice"? Did it find the drop-in?

Does systemctl show -p MemoryHigh user-$UID.slice say about the property? Does it show the parsed value?

[ghost]

@poettering Thanks for your response. I will submit the required information with the absolutely untouched installation of systemd 239-5 in Debian unstable running in a systemd-nspawn container runnning on Debian unstable. I removed all of my custom configuration files but my environment still has the symptom with TasksMax = pids.max as below, as well as 9502 and 9512. I think the old UserTasksMax in logind.conf was replaced by /usr/lib/systemd/system/user-.slice.d/10-defaults.conf in v239 and it should also work.

root@unstable-plain:~# ls /sys/fs/cgroup/user.slice/user-$UID.slice
cgroup.controllers  cgroup.max.depth	    cgroup.procs  cgroup.subtree_control  cgroup.type  session-4.scope
cgroup.events	    cgroup.max.descendants  cgroup.stat   cgroup.threads	  cpu.stat     [email protected]

If this symptom does not occur with other installations then I will simply go to the Debian bug tracking system, probably with 9502 and 9512. First of all, systemd-delta says

root@unstable-plain:~# systemd-delta 
[EXTENDED]   /usr/lib/systemd/system/rc-local.service → /usr/lib/systemd/system/rc-local.service.d/debian.conf
[EXTENDED]   /usr/lib/systemd/system/systemd-resolved.service → /usr/lib/systemd/system/systemd-resolved.service.d/resolvconf.conf

2 overridden configuration files found.

All systemd-related Debian packages (e.g. libnss-systemd) are installed.

What does "systemctl status" say on "user-$UID.slice"?

root@unstable-plain:~# systemctl status --full user-$UID.slice
● user-0.slice - User Slice of UID 0
   Loaded: loaded
  Drop-In: /usr/lib/systemd/system/user-.slice.d
           └─10-defaults.conf
   Active: active since Sat 2018-07-14 05:14:01 JST; 1min 53s ago
   CGroup: /user.slice/user-0.slice
           ├─session-4.scope
           │ ├─33 sshd: root@pts/0
           │ ├─46 -bash
           │ └─52 systemctl status --full user-0.slice
           └─[email protected]
             └─init.scope
               ├─36 /lib/systemd/systemd --user
               └─37 (sd-pam)

Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[1]: Created slice User Slice of UID 0.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Starting D-Bus User Message Bus Socket.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Reached target Timers.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Reached target Paths.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Listening on D-Bus User Message Bus Socket.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Reached target Sockets.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Reached target Basic System.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Reached target Default.
Jul 14 05:14:01 unstable-plain.fujii.nuee.nagoya-u.ac.jp systemd[36]: Startup finished in 87ms.

Did it find the drop-in?

Yes, see below. Please note that only TasksMax is set but MemoryHigh isn't as I removed all of my config files.

root@unstable-plain:~# systemctl cat user-$UID.slice
# /usr/lib/systemd/system/user-.slice.d/10-defaults.conf
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=User Slice of UID %j
After=systemd-user-sessions.service

[Slice]
TasksMax=33%

Does systemctl show -p MemoryHigh user-$UID.slice say about the property? Does it show the parsed value?

Yes, see below.

root@unstable-plain:~# systemctl show -p TasksMax user-$UID.slice
TasksMax=9926

Hope this helps.

[ghost]

In case of this issue being distro-specific, I created a disk image for qemu/kvm here so that users of other distros can reproduce and investigate this issue. The file is tar+gzipped QCOW2 image file of 600 MB, and it can be used with Import existing disk image in Create a new virtual machine window of virt-manager. In the disk image,

• Architecture is x86-64 and systemd package version is 239-5.
• Debian buster (testing) as of 15 July 2018 with standard and openssh server are selected in the installation process of Debian buster alpha 3 installer.
• libnss-systemd, systemd-coredump, systemd-tests and gdb are added by apt-get.
• User root has password root and user guest2 has password guest2.
• Configuration files are untouched except /etc/default/grub to enable the unified cgroup hirerarchy.
• Keyboard config is US and it can be changed by dpkg-reconfigure keyboard-configuration.
• Ssh login is accepted but root ssh login is not allowed.

If you find this issue being a problem of Debian, please let me know.

[ghost]

I changed the issue title because TasksMax in /usr/lib/systemd/system/user-.slice.d/10-defaults.conf is also ignored.

@poettering As an additional reporter feedback, I set systemd.debug_level=debug, grep'ed Failed to enable controller and found the following related logs:

Jul 17 21:49:57 debian-testing systemd[1]: Failed to enable controller memory for /user.slice/user-0.slice (/sys/fs/cgroup/user.slice/user-0.slice/cgroup.subtree_control): No such file or directory
Jul 17 21:49:57 debian-testing systemd[1]: Failed to enable controller pids for /user.slice/user-0.slice (/sys/fs/cgroup/user.slice/user-0.slice/cgroup.subtree_control): No such file or directory

The reason behind the above error logs is, in my opinion, that /sys/fs/cgroup/user.slice/cgroup.subtree_control is completely empty. I wonder if cg_enable_everywhere() in basic/cgroup-util.c has to be called against user.slice before user-$UID.slice and it isn't now.

[ghost]

The cuase of this issue seems incomplete initialization of user-$UID.slice. More explicit initialization of user-$UID.slice solves the issue. For example, prepare the following file as /etc/systemd/systemd/user-1000.slice and run systemctl enable user-1000.slice. Then UID 1000 does not experience this issue from the next reboot.

[Unit]
Description=User Slice of UID 1000
After=systemd-user-sessions.service

[Slice]
TasksMax=33%

[Install]
WantedBy=multi-user.target

[ghost]

Additional information: This issue disappears if user@$UID.service is started by multi-user.target, without explicit start of user-$UID.slice by multi-user.target. This issue continues to appear after loginctl enable-linger $UID is executed by root.

[poettering]

I am pretty sure this is closed in v241. Let's close this hence. Please reopen/report back if you can reproduce this on v241.