Skip to content

Commit fbb48d4

Browse files
ringlejpoettering
ringlej
authored and
poettering
committed
Make final kill signal configurable
Usecase is to allow changing the final kill from SIGKILL to SIGQUIT which should create a core dump useful for debugging why the service didn't stop with the SIGTERM
1 parent 2484bff commit fbb48d4

File tree

11 files changed

+42
-11
lines changed

11 files changed

+42
-11
lines changed

doc/TRANSIENT-SETTINGS.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -256,6 +256,7 @@ All process killing settings are available for transient units:
256256
✓ SendSIGHUP=
257257
✓ KillMode=
258258
✓ KillSignal=
259+
✓ FinalKillSignal=
259260
```
260261

261262
## Service Unit Settings

man/systemd.kill.xml

Lines changed: 23 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,8 @@
9494
enabled with <varname>SendSIGHUP=</varname>). If then, after a
9595
delay (configured via the <varname>TimeoutStopSec=</varname>
9696
option), processes still remain, the termination request is
97-
repeated with the <constant>SIGKILL</constant> signal (unless
97+
repeated with the <constant>SIGKILL</constant> signal or the
98+
signal specified via <varname>FinalKillSignal=</varname> (unless
9899
this is disabled via the <varname>SendSIGKILL=</varname>
99100
option). See
100101
<citerefentry><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry>
@@ -135,9 +136,27 @@
135136
<varlistentry>
136137
<term><varname>SendSIGKILL=</varname></term>
137138
<listitem><para>Specifies whether to send
138-
<constant>SIGKILL</constant> to remaining processes after a
139-
timeout, if the normal shutdown procedure left processes of
140-
the service around. Takes a boolean value. Defaults to "yes".
139+
<constant>SIGKILL</constant> (or the signal specified by
140+
<varname>FinalKillSignal=</varname>) to remaining processes
141+
after a timeout, if the normal shutdown procedure left
142+
processes of the service around. Takes a boolean value.
143+
Defaults to "yes".
144+
</para></listitem>
145+
</varlistentry>
146+
147+
<varlistentry>
148+
<term><varname>FinalKillSignal=</varname></term>
149+
<listitem><para>Specifies which signal to send to remaining
150+
processes after a timeout if <varname>SendSIGKILL=</varname>
151+
is enabled. The signal configured here should be one that is
152+
not typically caught and processed by services (<constant>SIGTERM</constant>
153+
is not suitable). Developers can find it useful to use this to
154+
generate a coredump to troubleshoot why a service did not
155+
terminate upon receiving the initial <constant>SIGTERM</constant>
156+
signal. This can be achieved by configuring <varname>LimitCORE=</varname>
157+
and setting <varname>FinalKillSignal=</varname> to either
158+
<constant>SIGQUIT</constant> or <constant>SIGABRT</constant>
159+
Defaults to <constant>SIGKILL</constant>.
141160
</para></listitem>
142161
</varlistentry>
143162

shell-completion/bash/systemd-run

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -79,8 +79,8 @@ _systemd_run() {
7979
SendSIGKILL= MemoryLimit= CPUShares= BlockIOWeight= User= Group=
8080
DevicePolicy= KillMode= DeviceAllow= BlockIOReadBandwidth=
8181
BlockIOWriteBandwidth= BlockIODeviceWeight= Nice= Environment=
82-
KillSignal= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK=
83-
LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC=
82+
KillSignal= FinalKillSignal= LimitCPU= LimitFSIZE= LimitDATA=
83+
LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC=
8484
LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE=
8585
LimitNICE= LimitRTPRIO= LimitRTTIME= PrivateTmp= PrivateDevices=
8686
PrivateNetwork= NoNewPrivileges= WorkingDirectory= RootDirectory=

shell-completion/zsh/_systemd-run

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,8 +32,8 @@ _arguments \
3232
SendSIGKILL= MemoryLimit= CPUShares= BlockIOWeight= User= Group= \
3333
DevicePolicy= KillMode= DeviceAllow= BlockIOReadBandwidth= \
3434
BlockIOWriteBandwidth= BlockIODeviceWeight= Nice= Environment= \
35-
KillSignal= LimitCPU= LimitFSIZE= LimitDATA= LimitSTACK= \
36-
LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= \
35+
KillSignal= FinalKillSignal= LimitCPU= LimitFSIZE= LimitDATA= \
36+
LimitSTACK= LimitCORE= LimitRSS= LimitNOFILE= LimitAS= LimitNPROC= \
3737
LimitMEMLOCK= LimitLOCKS= LimitSIGPENDING= LimitMSGQUEUE= \
3838
LimitNICE= LimitRTPRIO= LimitRTTIME= PrivateTmp= PrivateDevices= \
3939
PrivateNetwork= NoNewPrivileges= WorkingDirectory= RootDirectory= \

src/core/dbus-kill.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,13 +12,15 @@ const sd_bus_vtable bus_kill_vtable[] = {
1212
SD_BUS_VTABLE_START(0),
1313
SD_BUS_PROPERTY("KillMode", "s", property_get_kill_mode, offsetof(KillContext, kill_mode), SD_BUS_VTABLE_PROPERTY_CONST),
1414
SD_BUS_PROPERTY("KillSignal", "i", bus_property_get_int, offsetof(KillContext, kill_signal), SD_BUS_VTABLE_PROPERTY_CONST),
15+
SD_BUS_PROPERTY("FinalKillSignal", "i", bus_property_get_int, offsetof(KillContext, final_kill_signal), SD_BUS_VTABLE_PROPERTY_CONST),
1516
SD_BUS_PROPERTY("SendSIGKILL", "b", bus_property_get_bool, offsetof(KillContext, send_sigkill), SD_BUS_VTABLE_PROPERTY_CONST),
1617
SD_BUS_PROPERTY("SendSIGHUP", "b", bus_property_get_bool, offsetof(KillContext, send_sighup), SD_BUS_VTABLE_PROPERTY_CONST),
1718
SD_BUS_VTABLE_END
1819
};
1920

2021
static BUS_DEFINE_SET_TRANSIENT_PARSE(kill_mode, KillMode, kill_mode_from_string);
2122
static BUS_DEFINE_SET_TRANSIENT_TO_STRING(kill_signal, "i", int32_t, int, "%" PRIi32, signal_to_string_with_check);
23+
static BUS_DEFINE_SET_TRANSIENT_TO_STRING(final_kill_signal, "i", int32_t, int, "%" PRIi32, signal_to_string_with_check);
2224

2325
int bus_kill_context_set_transient_property(
2426
Unit *u,
@@ -47,5 +49,8 @@ int bus_kill_context_set_transient_property(
4749
if (streq(name, "KillSignal"))
4850
return bus_set_transient_kill_signal(u, name, &c->kill_signal, message, flags, error);
4951

52+
if (streq(name, "FinalKillSignal"))
53+
return bus_set_transient_final_kill_signal(u, name, &c->final_kill_signal, message, flags, error);
54+
5055
return 0;
5156
}

src/core/kill.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ void kill_context_init(KillContext *c) {
99
assert(c);
1010

1111
c->kill_signal = SIGTERM;
12+
c->final_kill_signal = SIGKILL;
1213
c->send_sigkill = true;
1314
c->send_sighup = false;
1415
}
@@ -21,10 +22,12 @@ void kill_context_dump(KillContext *c, FILE *f, const char *prefix) {
2122
fprintf(f,
2223
"%sKillMode: %s\n"
2324
"%sKillSignal: SIG%s\n"
25+
"%sFinalKillSignal: SIG%s\n"
2426
"%sSendSIGKILL: %s\n"
2527
"%sSendSIGHUP: %s\n",
2628
prefix, kill_mode_to_string(c->kill_mode),
2729
prefix, signal_to_string(c->kill_signal),
30+
prefix, signal_to_string(c->final_kill_signal),
2831
prefix, yes_no(c->send_sigkill),
2932
prefix, yes_no(c->send_sighup));
3033
}

src/core/kill.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ typedef enum KillMode {
2121
struct KillContext {
2222
KillMode kill_mode;
2323
int kill_signal;
24+
int final_kill_signal;
2425
bool send_sigkill;
2526
bool send_sighup;
2627
};

src/core/load-fragment-gperf.gperf.m4

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,8 @@ m4_define(`KILL_CONTEXT_CONFIG_ITEMS',
151151
`$1.SendSIGKILL, config_parse_bool, 0, offsetof($1, kill_context.send_sigkill)
152152
$1.SendSIGHUP, config_parse_bool, 0, offsetof($1, kill_context.send_sighup)
153153
$1.KillMode, config_parse_kill_mode, 0, offsetof($1, kill_context.kill_mode)
154-
$1.KillSignal, config_parse_signal, 0, offsetof($1, kill_context.kill_signal)'
154+
$1.KillSignal, config_parse_signal, 0, offsetof($1, kill_context.kill_signal)
155+
$1.FinalKillSignal, config_parse_signal, 0, offsetof($1, kill_context.final_kill_signal)'
155156
)m4_dnl
156157
m4_define(`CGROUP_CONTEXT_CONFIG_ITEMS',
157158
`$1.Slice, config_parse_unit_slice, 0, 0

src/core/load-fragment.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_exec_cpu_affinity);
3939
CONFIG_PARSER_PROTOTYPE(config_parse_exec_secure_bits);
4040
CONFIG_PARSER_PROTOTYPE(config_parse_capability_set);
4141
CONFIG_PARSER_PROTOTYPE(config_parse_kill_signal);
42+
CONFIG_PARSER_PROTOTYPE(config_parse_final_kill_signal);
4243
CONFIG_PARSER_PROTOTYPE(config_parse_exec_mount_flags);
4344
CONFIG_PARSER_PROTOTYPE(config_parse_timer);
4445
CONFIG_PARSER_PROTOTYPE(config_parse_trigger_unit);

src/core/unit.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4479,7 +4479,7 @@ static int operation_to_signal(KillContext *c, KillOperation k) {
44794479
return c->kill_signal;
44804480

44814481
case KILL_KILL:
4482-
return SIGKILL;
4482+
return c->final_kill_signal;
44834483

44844484
case KILL_ABORT:
44854485
return SIGABRT;

0 commit comments

Comments
 (0)