service: place control command in subcgroup control/

Previously, we were brutally and onconditionally killing all processes
in a service's cgroup before starting the service anew, in order to
ensure that StartPre lines cannot be misused to spawn long-running
processes.

On logind-less systems this has the effect that restarting sshd
necessarily calls all active ssh sessions, which is usually not
desirable.

With this patch control processes for a service are placed in a
sub-cgroup called "control/". When starting a service anew we simply
kill this cgroup, but not the main cgroup, in order to avoid killing any
long-running non-control processes from previous runs.

https://bugzilla.redhat.com/show_bug.cgi?id=805942

1 files changed, 3 insertions, 2 deletions

diff --git a/src/core/execute.c b/src/core/execute.c
index 271c57f562..c59f7e2daa 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -962,6 +962,7 @@ int exec_spawn(ExecCommand *command,
                bool confirm_spawn,
                CGroupBonding *cgroup_bondings,
                CGroupAttribute *cgroup_attributes,
+               const char *cgroup_suffix,
                pid_t *ret) {
 
         pid_t pid;
@@ -1154,7 +1155,7 @@ int exec_spawn(ExecCommand *command,
                 }
 
                 if (cgroup_bondings) {
-                        err = cgroup_bonding_install_list(cgroup_bondings, 0);
+                        err = cgroup_bonding_install_list(cgroup_bondings, 0, cgroup_suffix);
                         if (err < 0) {
                                 r = EXIT_CGROUP;
                                 goto fail_child;
@@ -1505,7 +1506,7 @@ int exec_spawn(ExecCommand *command,
          * sure that when we kill the cgroup the process will be
          * killed too). */
         if (cgroup_bondings)
-                cgroup_bonding_install_list(cgroup_bondings, pid);
+                cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix);
 
         log_debug("Forked %s as %lu", command->path, (unsigned long) pid);