Demi Marie Obenour <demiobenour_at_gmail.com> writes:
> On 10/17/25 08:55, Leah Neukirchen wrote:
>> Hello,
>>
>> I'm happy to announce a new release of "nitro", a new supervisor akin
>> to daemontools/runit/perp/s6.
>>
>> These are the main applications nitro is designed for:
>> - As init for a Linux or NetBSD machine for embedded, desktop or
>> server purposes
>> - As init for a Linux initramfs
>> - As init for a Linux container (Docker/Podman/LXC/Kubernetes)
>> - As unprivileged supervision daemon on generic POSIX systems
>>
>> nitro 0.5 is pretty much feature complete and now supports (relative
>> to the previous release announcement):
>> - usage as NetBSD init
>> - s6-compatible readiness notification
>> - event-driven nitroctl which can perform multiple actions in parallel
>> - improved usability and robustness
>> - new test suite, which passes on new and old Linux, FreeBSD, NetBSD, OpenBSD
>
> Do you plan to support cgroups on Linux? Those allow for much
> more robust supervision, including of daemons that do nasty things
> like double-fork. It's also necessary to be able to terminate child
> daemons reliably without the use of PID namespaces.

I considered it, but I don't think support in PID 1 itself is
necessary (for the double fork perhaps, but most software doesn't
double fork anymore and it hurts supervision anyway).

Basically, you can do everything in scripts, say:

/etc/nitro/sshd/run:

    #!/bin/sh
    # create the per-service cgroup (cgroup v2 mounted at /sys/fs/cgroup)
    mkdir -p /sys/fs/cgroup/nitro/sshd
    # enable the controllers for the child cgroups at each level
    echo "+memory +cpu +io" > /sys/fs/cgroup/cgroup.subtree_control
    echo "+memory +cpu +io" > /sys/fs/cgroup/nitro/cgroup.subtree_control
    # move this shell into the cgroup; membership is kept across exec
    echo $$ >/sys/fs/cgroup/nitro/sshd/cgroup.procs
    exec /usr/bin/sshd -D

(you can configure limits here of course)

/etc/nitro/sshd/finish:

    #!/bin/sh
    # kill whatever is still left in the service's cgroup
    echo 1 > /sys/fs/cgroup/nitro/sshd/cgroup.kill

Unfortunately, cgroups only can be killed using SIGTERM,
I wrote a small tool cgslay to do this a bit more gently (see attached).

hth,
--
Leah Neukirchen <leah_at_vuxu.org> https://leahneukirchen.org
Received on Sun Oct 19 2025 - 17:27:26 CEST
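
One way a finish script could stop a service cgroup more gently, as an added example that is neither the attached cgslay tool nor code from this thread: send SIGTERM to each PID in cgroup.procs, wait for cgroup.events to report "populated 0", and write to cgroup.kill (which the kernel delivers as SIGKILL) only after a timeout. The function name cg_stop_gently, its return codes and the default timeout are assumptions; it expects a cgroup v2 directory such as the /sys/fs/cgroup/nitro/sshd created by the run script above.

```shell
#!/bin/sh
# cg_stop_gently CGROUP_DIR [TIMEOUT_SECONDS]
# Hypothetical helper (not cgslay): SIGTERM first, cgroup.kill as fallback.
# Returns 0 if the cgroup emptied after SIGTERM,
#         1 if cgroup.kill had to be used,
#         2 if CGROUP_DIR does not look like a cgroup v2 directory.
# Example call from a finish script:
#   cg_stop_gently /sys/fs/cgroup/nitro/sshd 5
cg_stop_gently() {
    cg=$1
    timeout=${2:-10}
    [ -r "$cg/cgroup.procs" ] && [ -r "$cg/cgroup.events" ] || return 2

    # cgroup.procs lists one PID per line for this cgroup only (not for
    # child cgroups). A process may exit while we iterate, so a failing
    # kill is ignored.
    while read -r pid; do
        [ -z "$pid" ] || kill -TERM "$pid" 2>/dev/null || :
    done < "$cg/cgroup.procs"

    # cgroup.events carries a "populated 0|1" line that covers this cgroup
    # and all of its descendants; poll it once per second.
    waited=0
    while ! grep -q '^populated 0$' "$cg/cgroup.events"; do
        if [ "$waited" -ge "$timeout" ]; then
            # cgroup.kill (Linux 5.14+) sends SIGKILL to every process in
            # the subtree, including ones forked after the read above.
            echo 1 > "$cg/cgroup.kill"
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}
```

A return value of 1 tells the caller that something in the service ignored SIGTERM for the whole timeout, which is worth logging from the finish script.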