On Mon, 24 Sep 2018 15:20:47 +0200
Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote:

> On So, 23.09.18 10:38, Andrei Borzenkov (arvidjaar@xxxxxxxxx) wrote:
>
> > Dracut /shutdown script first tries to kill all processes still
> > running off old root. Unfortunately this fails for special user
> > process that runs bpfilter because it does not include reference
> > to /oldroot in places where dracut looks for in
> > kilall_proc_mountpoint()
>
> Hmm, when we invoke the /shutdown executable we already executed our
> process killing spree as part of systemd-shutdown. How come your
> processes even survive that long? What am I missing?

I believe it's because the bpfilter helper process is identified as a
kernel thread - since it has an empty command line - and therefore not
killed.

I personally feel this is a bug (in the kernel), but apparently this
whole bpfilter thing isn't quite ready yet and shouldn't be used for the
moment -- so hopefully it'll improve/be fixed in the mean time.

You can see this thread[1] about the issue.

Cheers,

[1] https://www.spinics.net/lists/netdev/msg520030.html
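The misclassification described in the reply above, as an added example that is not part of the original message and is not systemd, dracut or kernel code: it compares the "empty command line means kernel thread" heuristic with a check of the `PF_KTHREAD` bit in the flags field of `/proc/<pid>/stat`. The two stat lines, the process name `bpfilter_umh` and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PF_KTHREAD 0x00200000UL /* kernel task flag set only on kernel threads */

/* Constructed /proc/<pid>/stat lines, truncated after the flags field. */
static const char KTHREAD_STAT[] = "2 (kthreadd) S 0 0 0 0 -1 2129984 0";
static const char HELPER_STAT[]  = "1234 (bpfilter_umh) S 2 0 0 0 -1 4194560 0";

/* Heuristic from the thread: an empty /proc/<pid>/cmdline is taken to
 * mean "kernel thread", so the kill loop skips the process. */
int kthread_by_cmdline(size_t cmdline_len) {
    return cmdline_len == 0;
}

/* Flag-based check: read field 9 (flags) of the stat line and test
 * PF_KTHREAD. The comm field may itself contain spaces and ')', so parsing
 * starts after the LAST ')'.
 * Returns 1 = kernel thread, 0 = user process, -1 = parse error. */
int kthread_by_stat(const char *stat_line) {
    const char *p = strrchr(stat_line, ')');
    unsigned long flags;

    if (p == NULL)
        return -1;
    /* Skip state, ppid, pgrp, session, tty_nr, tpgid; then read flags. */
    if (sscanf(p + 1, " %*c %*d %*d %*d %*d %*d %lu", &flags) != 1)
        return -1;
    return (flags & PF_KTHREAD) ? 1 : 0;
}

/* 1 when the cmdline heuristic would spare a process whose flags say it is
 * an ordinary user process, i.e. one that survives the killing spree. */
int spared_by_mistake(size_t cmdline_len, const char *stat_line) {
    return kthread_by_cmdline(cmdline_len) && kthread_by_stat(stat_line) == 0;
}

int main(void) {
    /* Both sample processes have an empty cmdline (length 0). */
    printf("kthreadd spared by mistake: %d\n", spared_by_mistake(0, KTHREAD_STAT));
    printf("helper spared by mistake:   %d\n", spared_by_mistake(0, HELPER_STAT));
    return 0;
}
```

Auditing a live system the same way means reading the real `cmdline` and `stat` files for each PID and reporting every process for which `spared_by_mistake` returns 1.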