| # Process Killer |
| |
| `process_killer` is a utility to search for and kill processes that might hold |
| up the tearing down and safe unmounting of stateful storage mounts/devices. |
| On ChromeOS, the mounts/devices of interest include any encrypted storage |
| mount/device (eg. cryptohome mounts, encrypted stateful partition's dm-crypt |
| device) as well as the stateful filesystem. |
| |
| `process_killer` looks for the following types of processes: |
| * Processes that have files open on matching paths of interest (controlled by |
| the CLI option `--file_holders`). |
| * Processes that have mounts open from devices of interest in a cloned mount |
| namespace (controlled by the CLI option `--mount_holders`). Such processes |
| don't prevent clean unmounts in the init mount namespace but will still |
| hold a reference to the mount (and by extension, the filesystem |
| superblock/underlying block device) during end of session and shutdown. |
| |
| `process_killer` is currently used in the following situations: |
| |
| * **Session End** (`ui-post-stop`): At end of the session, `process_killer` is |
| used to first find processes that have files open into the user |
| cryptohome. This allows cryptohome a shot into safely unmounting all encrypted |
| user mounts. As a failsafe, cryptohome falls back to doing a lazy unmount. |
| Finally, `process_killer` is called as a last resort for processes still |
| holding user cryptohome mounts in a cloned MS_PRIVATE mount namespace. |
| * **System Shutdown** (`chromeos_shutdown`): At shutdown, `process_killer` is |
| used as a last resort to kill any service still accessing stateful mounts. |
| Barring misconfigured init scripts, few processes are running at shutdown |
| so `process_killer` does a final sweep of all file and mount holders |
| before starting the teardown process for the stateful mounts. |
