18.02.2020, 10:39, "Laurent Bercot" <ska-supervis...@skarnet.org>: > An additional reason is that signaling init is not a casual operation; > instead it's part of a very limited API between the kernel and user > space, to be used in very controlled, exhaustively listed, situations.
right. > Now, *as a separate conversation*, you can say that s6-svscan should > be able to handle every signal that the kernel can throw at it, no > matter how unportable. And it is a reasonable request: there are good > arguments for it. indeed. > In the latter case, the kernel takes precedence over init, the kernel > decides what the API is and init must adapt. If the kernel says "when > I get a power failure, I send you SIGPWR", init cannot say "uh, no, > I wish you'd send SIGUSR2 instead". Shut up and handle SIGPWR. right. > In the former case, lxd *emulates* a kernel, and is supposed to adapt > to every kind of init that runs in a container, so it should follow > existing conventions and be able to adapt to every init. And that's > exactly why the lxc.signal.stop configuration switch exists! really ? a process #1 in a namespace is not the "real" process #1, hence there is no requirement to use a "real" init program here. instead it is required to react to all signals lxd may sent if said process #1 was spawned by it. of course things would be easier for everybody if lxd could follow exsiting conventions on the linux platform, i cannot see why it does not use TERM, USR1/2 and so on instead to notify the process #1 it started. but it has no obligation to do so. i guess the only case with a special meaning for SIGPWR is when the real kernel notifies the real process #1 of a power shortage. hence lxd is free to abuse this signal for its own purposes. but this default choice looks indeed quite strange. > systemd, always being a special snowflake, uses SIGRTMIN+3 > and SIGRTMIN+4, because any other choice made way too much sense. why should it not use the RT sigs for this ? this is absolutely ok as linux provides them anyway (unlike OpenBSD). > None of them uses SIGPWR, and for a good reason: SIGPWR does not mean > "the admin requested a system shutdown", it means "power failure". And > it is very possible that the action implemented by the system in case > of a power failure is very different from a shutdown: it could be a > suspend-to-disk, for instance (which is faster than a full shutdown, and > when the power fails you want to save your data *fast*). So, even for > inits that actually understand SIGPWR - and most of them actually do - > SIGPWR is a *terrible* default choice of signal to send as a shutdown > request. It already has a use, and the use is not a normal shutdown. right, agreed. > Arguably, lxc.signal.halt should *always* be set to something else, be > it SIGTERM, SIGUSR1, SIGUSR2, or even lolSIGRTMIN+3. would have been a more obvious choice indeed, but they decided against and this is also ok since this is not the kernel. > So, if you're asking me to implement SIGPWR support in s6 because that's > what lxd sends by default to signal a container shutdown, I will laugh > at you, because you are being, uh, "ridicolous". not really, catch it and let the user handle it, that way s6-svscan could be used as process #1 in an LXC process namespace without problems. > On the other hand, if > you're telling me that s6-svscan needs to understand SIGPWR in case the > kernel wants to signal a power failure, you actually have a good point, > and yes, I should implement SIGPWR support when this signal exists. right, it should be caught anyway and the user should decide via a hook executable what to do about it (see if power returns after a while, sync and suspend to disk if not naturally come to mind here). s6 should also catch SIGWINCH (keyboard request) and let the user handle it via a hook executable if the signal exists btw. dunno if it already does so. you are absolutely right that one should not abuse SIGPWR to signal poweroff to the "real" process #1 started by the kernel, there exist enough other signals for that purpose.