Merge pull request #18703 from poettering/cgroupsv1-bad

consider cgroupsv1 usage grounds for "tainting"
2025-03-31 14:50:15 +03:00 · 2021-02-19 18:25:17 +01:00 · 2021-02-19 18:25:17 +01:00 · 27a54998f4
commit 27a54998f4
parent ace0bd14ba 5cfbe7452f
2 changed files with 9 additions and 1 deletions
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@ -292,7 +292,11 @@
        will remove the file after the service has shut down if it still exists. The PID file does not need to be owned
        by a privileged user, but if it is owned by an unprivileged user additional safety restrictions are enforced:
        the file may not be a symlink to a file owned by a different user (neither directly nor indirectly), and the
-        PID file must refer to a process already belonging to the service.</para></listitem>
+        PID file must refer to a process already belonging to the service.</para>
+
+        <para>Note that PID files should be avoided in modern projects. Use <option>Type=notify</option> or
+        <option>Type=simple</option> where possible, which does not require use of PID files to determine the
+        main process of a service and avoids needless forking.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/src/core/manager.c
+++ b/src/core/manager.c
@ -4799,6 +4799,7 @@ char *manager_taint_string(Manager *m) {

        buf = new(char, sizeof("split-usr:"
                               "cgroups-missing:"
+                               "cgrousv1:"
                               "local-hwclock:"
                               "var-run-bad:"
                               "overflowuid-not-65534:"
@ -4815,6 +4816,9 @@ char *manager_taint_string(Manager *m) {
        if (access("/proc/cgroups", F_OK) < 0)
                e = stpcpy(e, "cgroups-missing:");

+        if (cg_all_unified() == 0)
+                e = stpcpy(e, "cgroupsv1:");
+
        if (clock_is_localtime(NULL) > 0)
                e = stpcpy(e, "local-hwclock:");