job-exec: set KillMode=process SendSIGKILL=no

Problem: For multi-user jobs spawned via SDEXEC, the systemd user instance running as the flux user does not have permission to kill guest processes, yet it does try and in the process may kill off the only process that does have permission to continue cleanup efforts, the IMP. When the job is run by the IMP and sdexec, Set KillMode=process so that systemd only delivers signals to the IMP, which it should forward to the shell and/or cgroup per RFC 15. Also set SendSIGKILL to "off" so that SIGKILL is never deployed against the IMP. Fixes #6399
flux-framework · Oct 31, 2024 · 2ea80ac · 2ea80ac
1 parent 0bb8962
commit 2ea80ac
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/modules/job-exec/exec.c b/src/modules/job-exec/exec.c
@@ -607,6 +607,20 @@ static int exec_init (struct jobinfo *job)
             flux_log_error (job->h, "exec_init: flux_cmd_setenvf");
             goto err;
         }
+        /* The systemd user instance running as user flux is not privileged
+         * to signal guest processes, therefore only signal the IMP and
+         * never use SIGKILL.  See flux-framework/flux-core#6399
+         */
+        if (streq (service, "sdexec")) {
+            if (flux_cmd_setopt (cmd, "SDEXEC_PROP_KillMode", "process") < 0
+                || flux_cmd_setopt (cmd,
+                                    "SDEXEC_PROP_SendSIGKILL",
+                                    "off") < 0) {
+                flux_log_error (job->h,
+                                "Unable to set multiuser sdexec options");
+                return -1;
+            }
+        }
         if (flux_cmd_argv_append (cmd, config_get_imp_path ()) < 0
             || flux_cmd_argv_append (cmd, "exec") < 0) {
             flux_log_error (job->h, "exec_init: flux_cmd_argv_append");