GNU bug report logs - #76998
Guix Home leaves user shepherd on logout, starts new instance on login

Previous Next

Package: guix;

Reported by: dannym <at> friendly-machines.com

Date: Thu, 13 Mar 2025 19:11:02 UTC

Severity: important

Merged with 67863, 74912

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Danny Milosavljevic <dannym <at> friendly-machines.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#76998: closed (Guix Home leaves user shepherd on logout,
 starts new instance on login)
Date: Sun, 18 May 2025 12:32:03 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sun, 18 May 2025 14:30:49 +0200
with message-id <87bjrqt81y.fsf <at> friendly-machines.com>
and subject line Re: bug#74912: bug#76998: Guix Home leaves user shepherd on logout, starts new instance on login
has caused the debbugs.gnu.org bug report #76998,
regarding Guix Home leaves user shepherd on logout, starts new instance on login
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
76998: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=76998
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: dannym <at> friendly-machines.com
To: Bug Guix <bug-guix <at> gnu.org>
Subject: user shepherd stays around with some zombies
Date: Thu, 13 Mar 2025 20:10:36 +0100

Steps to reproduce:

1. Log into the console using your regular user
2. Log into GUI using your regular user
3. Log out of GUI
4. Switch to logged-in console
5. Run "px --tree" there
6. Observe the following:

shepherd(1)
  accounts-daemon(1110)
  avahi-daemon:(2443)
    avahi-daemon:(2446)
  bluetoothd(1026)
  colord(25587)
  cupsd(2440)
  dbus-daemon(769)
  dnsmasq(1845)
    dnsmasq(1846)
  earlyoom(744)
  elogind(1024)
  gdm(1038)
  guix-daemon(740)
  libvirtd(1023)
  login(26536)
    -bash(6739)
  mcron(747)
  mingetty... (5×)
  ModemManager(1276)
  NetworkManager(1256)
  nginx:(797)
    nginx:(798)
  nscd(2177)
  polkitd(1231)
  postgres(852)
    postgres:... (6×)
  rasdaemon(796)
  rpc.idmapd(2447)
  rpc.mountd(2501)
  rpc.statd(2444)
  rpcbind(2441)
  shepherd(6395) <--- also dannym
    [dbus-daemon](6397)
    [ssh-agent](6444)
    [xdg-permission-](6411)
    wireplumber(6399)
  shepherd(26114) <--- dannym
    dbus-daemon(6881)
    pipewire(6882)
    pipewire-pulse(6883)
    ssh-agent(6880)
    wireplumber(6888)
    xdg-permission-store(7259)
  udevd(330)
  upowerd(1025)
  virtlogd(742)
  wpa_supplicant(1045)

Those "[...]" with brackets mean that these processes were not reaped 
(so is defunct).

What the hell?

$ guix describe
Generation 194	Mar 13 2025 19:11:33	(current)
  guix 678b3dd
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 678b3dddfe442e643fe5cff7730d4f9690c3e2c2



[Message part 3 (message/rfc822, inline)]
From: Danny Milosavljevic <dannym <at> friendly-machines.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 74912 <at> debbugs.gnu.org, 76998 <at> debbugs.gnu.org, Tomas Volf <~@wolfsden.cz>,
 76998-done <at> debbugs.gnu.org, Jake <jforst.mailman <at> gmail.com>,
 Daniel Littlewood <dan <at> danielittlewood.xyz>
Subject: Re: bug#74912: bug#76998: Guix Home leaves user shepherd on logout,
 starts new instance on login
Date: Sun, 18 May 2025 14:30:49 +0200

[Message part 4 (text/plain, inline)]
Hi Ludo,

That is not a fix.  It's a workaround for now.

It's good that the "is a shepherd already running" check is back in shepherd.  It was in shepherd years ago, then got removed without explanation, then now it's back again (now in a very convoluted but safer way).  This shouldn't have been removed in the first place.  It's EXTREMELY dangerous to have multiple parallel shepherds for the same user (automated backup service destroying backups etc).  Please, let's not remove it ever again.

In any case, what shepherd 1.0.4 does is stop the bleeding, but not fix the problem:
It prevents two (or 100) user shepherds for the same user from running in parallel.
It does not stop shepherd when a user closed all their sessions.

Why close this bug report before elogind is patched and before ~/.bash_logout is generated in guix home?  That makes no sense.

Also, I don't understand why this is so broken for so long.  Isn't Guix used in HPC?
Doesn't HPC need support for multiple sessions for the same user on day one?

My untested elogind patch that invokes shepherd root stop is attached.  Reading the elogind source code, especially what they patched out and what they added themselves, makes me despair.  Why is it so terrible?  That all used to be fine! :P

Even my patch is not great.  A service manager's job is to manage services.  PID 1 is the main service manager.  It should manage services.  One of those services should be the user's shepherd, which should be managed by PID 1 shepherd and not weirdly attached to an already-running session (WTF!) of the user by this:

~$ cat ~/.profile
HOME_ENVIRONMENT=$HOME/.guix-home
. $HOME_ENVIRONMENT/setup-environment
$HOME_ENVIRONMENT/on-first-login
unset HOME_ENVIRONMENT

In my opinion, no one but the service manager should manage services.  Does ~/.profile look like a service manager?  No :P

I understand that we want to support this on non-guix-system stuff.  But the default should be a systemd user service to run the user shepherd.  If the user absolutely wants to do a workaround like ~/.profile above, fine, they can.  But let's not do that by default.

The problems with my elogind patch are the following:
- What if "herd stop root -s ..." hangs?  Then elogind hangs forever?  No one can log in or out anymore?  That's not okay.  Therefore, I don't wait.  Now user processes can have the floor upon they are walking removed on user stop, while they still need it :P
- When can /run/user/1000 be deleted?  There's a weird GC mechanism in elogind for that, and my patch says it can be deleted before waiting on the result of herd stop (see above why).  If I DID wait on the result of herd stop, I could wait indefinitely--which is not okay.  I think elogind uses signalfd, so I can't waitpid in a random spot either, or wait until waitpid returned.  I think the user shepherd knows when to delete /run/user/1000--and no one else.  But if user shepherd crashes, it won't delete /run/user/1000 and we want it to be able to start again even when /run/user/1000 is still there.  Hence complicated shepherd fix in 1.0.4 is useful.
- There is tool_fork_pid and sleep_fork_pid in elogind which is not a queue.  And, again, that is trying to be a service manager.  What if those scripts hang?  What if they DON'T hang?  Similar questions as before.  Separate the concerns already :P

Personally, I'd also like something that, if all sessions of user x are closed, it kills all remaining processes of that effective user id.  elogind has a setting KillUserProcesses that--despite the name--kills (WHICH!?) processes when a SESSION (of 42 sessions of that user :P) is closed.  Who wants THAT?  And even if someone does: how would THAT be implemented?

elogind is like containers never happened.  It's so weird.

I think to fix this problem for good, first there needs to be a system diagram created on how this is supposed to work.


[ELOGIND.patch (text/x-patch, attachment)]
This bug report was last modified today.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.