Initial setup PAM session and processes leaked
At the end of the GNOME Initial Setup process, the GIS window closes and the user's session begins. However, many processes from the gnome-initial-setup session are leaked, including the systemd --user
session, the session bus, ibus daemon, some gvfs daemons, and other bits and bobs (including, on Fedora with Wayland, all of gsd-*, pipewire, pulseaudio, ...). Killing the systemd --user
process causes them all to die. systemd-cgls
shows they are all rooted in a slice for the g-i-s user.
What seems to be happening is, when transforming the GIS session into new user's session:
-
on_start_user_session
-
gdm_display_stop_greeter_session
-
gdm_launch_environment_stop
-
gdm_signal_pid (-launch_environment->priv->pid, SIGTERM);
to kill the gnome-session process tree -
gdm_session_close
-
do_reset
→stop_all_conversations
→stop_all_other_conversations (..., TRUE)
→ various functions →gdm_session_worker_job_stop
res = gdm_signal_pid (session_worker_job->priv->pid, SIGTERM);
-
-
-
-
gdm-session-worker
handles SIGTERM
by immediately calling _exit
. But it is the gdm-session-worker process which calls pam_open_session()
and pam_close_session()
; it is pam_systemd
, invoked from those, which asks logind to CreateSession
/ReleaseSession
. Killing the gdm-session-worker
process means pam_close_session()
is not called, so logind is never told to ReleaseSession
.
I wrote a quick patch to make gdm-session-worker
react to SIGTERM
by tearing itself down cleanly 0001-WIP-session-worker-tear-down-PAM-session-on-SIGTERM.patch and this does fix the problem. However, I looked though the commit history and discovered 6b858695 where the handling of SIGTERM
was deliberately changed to _exit
in case the main loop is blocked in some synchronous PAM call, so making that change would regress https://bugzilla.gnome.org/show_bug.cgi?id=755291.
So I'm not quite sure how best to fix this. In principle one could just kill the gnome-session
pgrp and wait for gdm-session-worker
to notice and "organically" close the PAM session, rather more like a real session getting torn down. Or gnome-initial-setup could be changed to cleanly end its session, and have GDM handle that specially. (I don't quite understand how the sequence of events leading to on_start_user_session
to transmute the GIS session into the user session works currently.)
In Endless, we currently ship 3.26, configured with --disable-wayland-support --disable-user-display-server
. (According to the commit message adding this flag: “This is necessary for the Mali driver to access the kernel's DRM interface. Besides, this also avoids the problem of running two instances of [gnome]-shell at the same time[.]”) So we thought this might be related to the !ENABLE_USER_DISPLAY_SERVER
=> GDM_SESSION_DISPLAY_MODE_REUSE_VT
code paths, or be already fixed upstream. But I reproduced this problem on a Fedora 29 system, with Wayland enabled, which by my reading of gdm_session_get_display_mode
will follow the GDM_SESSION_DISPLAY_MODE_NEW_VT
paths.
We care about these leaked processes not only for aesthetic & wasted RAM reasons, but because we have some customizations that can cause windows other than those from the gnome-initial-setup process to be shown; these are leaked into the new user session, too.