Long delay before memory wipe starts on Stretch
I think that’s a regression since I’ve bumped the APT snapshots yesterday.
Related to Tails -
#5 Updated by intrigeri 2016-12-22 14:36:32
● session-c1.scope - Session c1 of user Debian-gdm
   Loaded: loaded (/run/systemd/transient/session-c1.scope; transient; vendor preset: enabled)
Transient: yes
   Active: active (running) since Thu 2016-12-22 14:25:22 UTC; 1min 36s ago
   CGroup: /user.slice/user-114.slice/session-c1.scope
           ├─1642 gdm-session-worker [pam/gdm-launch-environment]
           ├─1791 /usr/lib/gdm3/gdm-x-session gnome-session --autostart /usr/share/gdm/greeter/autostart
           ├─1802 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/114/gdm/Xauthority -background none -noreset -keeptty -verbose 3
           ├─1888 /usr/lib/gnome-session/gnome-session-binary --autostart /usr/share/gdm/greeter/autostart
           ├─1913 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
           ├─1917 /usr/bin/spice-vdagent
           └─1940 /usr/bin/pulseaudio --start --log-target=syslog
#6 Updated by intrigeri 2016-12-22 14:38:43
sudo systemctl stop session-c1.scope:
● session-c1.scope - Session c1 of user Debian-gdm
   Loaded: loaded (/run/systemd/transient/session-c1.scope; transient; vendor preset: enabled)
Transient: yes
   Active: deactivating (stop-sigterm) since Thu 2016-12-22 14:37:40 UTC; 20s ago
   CGroup: /user.slice/user-114.slice/session-c1.scope
           └─1802 /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/114/gdm/Xauthority -background none -noreset -keeptty -verbose 3
#7 Updated by intrigeri 2016-12-22 15:41:36
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
- Type of work changed from Research to Code
systemctl --signal=SIGKILL kill session-c1.scope as root before triggering shutdown.
I’ve tried to edit session-c1.scope to lower its TimeoutStopSec and add DefaultDependencies=false (so that shutdown doesn’t block on it), but that won’t work, probably because “This is a transient unit file, created programmatically via the systemd API. Do not edit”.
So I see three options:
- Be radical! find out why GDM’s Xorg apparently ignores SIGTERM (maybe due to sharing its -displayfd with the amnesia user’s Xorg?) => I lack the low-level skills to track this down, but it would be the best option.
- /etc/systemd/system.conf: it feels hackish, but OTOH it means that shutdown won’t ever be blocked by any buggy service that takes a while to stop, which can be seen as a safety feature in the context of Tails, since we want to wipe memory afterwards.
- Replace our calls to poweroff with some wrapper that forcibly kills the session-c1.scope before actually running poweroff. This seems just as hackish as the previous option, without what I see as an advantage.
So I’ll go with the 2nd option.
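
Added example, not part of the original ticket or of Tails' code: a small parser that compares a unit's process list before a stop request with the list seen while the unit sits in "deactivating (stop-sigterm)", and names the processes that did not exit on SIGTERM. The sample texts are constructed, abbreviated from the two status outputs quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed samples, abbreviated from the two `systemctl status` outputs in the thread.
BEFORE = """\
● session-c1.scope - Session c1 of user Debian-gdm
   Active: active (running) since Thu 2016-12-22 14:25:22 UTC; 1min 36s ago
   CGroup: /user.slice/user-114.slice/session-c1.scope
           ├─1642 gdm-session-worker [pam/gdm-launch-environment]
           ├─1802 /usr/lib/xorg/Xorg vt1 -displayfd 3
           └─1940 /usr/bin/pulseaudio --start --log-target=syslog
"""
AFTER = """\
● session-c1.scope - Session c1 of user Debian-gdm
   Active: deactivating (stop-sigterm) since Thu 2016-12-22 14:37:40 UTC; 20s ago
   CGroup: /user.slice/user-114.slice/session-c1.scope
           └─1802 /usr/lib/xorg/Xorg vt1 -displayfd 3
"""

# "Active: <state> (<substate>)" line of the status header.
ACTIVE_RE = re.compile(r"^\s*Active:\s+(\S+)(?:\s+\(([^)]+)\))?", re.M)
# One cgroup tree entry: branch glyph, PID, command line.
PROC_RE = re.compile(r"^[\s│]*[├└]─(\d+)\s+(.+)$", re.M)


def parse_status(text):
    """Return (state, substate, {pid: cmdline}) parsed from `systemctl status` text."""
    m = ACTIVE_RE.search(text)
    state, sub = (m.group(1), m.group(2)) if m else (None, None)
    procs = {int(pid): cmd.strip() for pid, cmd in PROC_RE.findall(text)}
    return state, sub, procs


def sigterm_survivors(before, after):
    """Processes that were in the cgroup before the stop request and are still
    there while the unit waits in stop-sigterm, i.e. what blocks the stop job."""
    _, _, old = parse_status(before)
    state, sub, new = parse_status(after)
    if state != "deactivating" or sub != "stop-sigterm":
        return {}  # unit is not waiting on SIGTERM, nothing to report
    return {pid: cmd for pid, cmd in new.items() if pid in old}


if __name__ == "__main__":
    for pid, cmd in sigterm_survivors(BEFORE, AFTER).items():
        print(f"PID {pid} still running after SIGTERM: {cmd}")
```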