sdexec: systemd tries to kill guest tasks without sufficient permission

[garlick]

Problem: the systemd user instance running as flux is not privileged to kill guest processes such as the job shell or tasks, yet it tries if the job does not finalize on its own.

The various options are documented in systemd.kill(5).

sdexec uses the default KillMode=control-group where

all remaining processes in the control group of this unit will be killed on unit stop

A better choice might be KillMode=process where

only the main process itself is killed (not recommended!)
Note that it is not recommended to set KillMode= to process or even none, as this allows processes to escape the service manager's lifecycle and resource management, and to remain running even while their service is considered stopped and is assumed to not consume any resources.

We should probably also set SendSIGKILL=no. If the IMP is waiting for processes, SIGKILLing the IMP would lose track of those processes.

[garlick]

Just updated the issue description. sdexec uses KillMode=control-group not mixed as originally stated.

[garlick]

Note that "unit stop" is initiated by sdexec once the main process (IMP) has terminated.

I think the recommendation above of setting KillMode=process SendSIGKILL=no still stands.

See also

• imp: exec: send SIGKILL to cgroup/children on SIGUSR1 flux-security#186