[Webkit-unassigned] [Bug 223479] New: [WPE][GTK] Run web processes in separate cgroups using systemd-run

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 18 14:11:54 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=223479

            Bug ID: 223479
           Summary: [WPE][GTK] Run web processes in separate cgroups using
                    systemd-run
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

systemd 248 introduces systemd-oomd, a userspace oom killer contributed by Facebook. Unlike earlyoom and other earlier killers, systemd-oomd operates with cgroup-level granularity. That is, if a process in any given cgroup is using an excessive amount of memory, systemd-oomd will kill the entire cgroup all at once. This has implications for desktop environments like GNOME and KDE, which have started launching applications in separate cgroups to ensure a misbehaving application does not cause the entire desktop to be killed. It also has implications for multiprocess applications like terminals and web browsers.

In WebKit, the web processes are untrusted and are designed to crash and be restarted independently of each other. If a single web process uses an excessive amount of memory, we do not want systemd-oomd to kill the entire browser; instead, it should just kill the affected web process. We can achieve this using systemd-run. Of course, there is no point in doing this unless we are already building with -DUSE_SYSTEMD=ON. Also, we'll restrict this behavior to systemd 246 or newer, which adds the --slice-inherit argument to systemd-run. Both the bubblewrap sandbox launcher and the legacy unsandboxed process launcher are modified. The flatpak-spawn launcher is not modified because the spawn portal already runs subprocesses in a new cgroup. Note that it doesn't make sense to do this for the network process (or other trusted subprocesses), since WebKit is not designed to cope with the network process disappearing. Only the web processes should be run in separate cgroups.

-- 
You are receiving this mail because:
You are the assignee for the bug.
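The launch decision described in the report, as an added shell example that is not WebKit's code: it wraps only web processes in a transient scope via `systemd-run --slice-inherit` and only on systemd 246 or newer. The function names, the "web"/"network" kind labels, the sample version strings in the comments, and the choice of `--user --scope --quiet` alongside `--slice-inherit` are assumptions.

```shell
#!/bin/sh
# Added example, not WebKit code. Function names and the "web"/"network"
# process-kind labels are hypothetical.

MIN_SYSTEMD=246  # per the report: first release with systemd-run --slice-inherit

# Major version from the first line of `systemd-run --version` output,
# e.g. "systemd 248 (248.3-1.fc34)" -> 248. Prints nothing if unparsable.
systemd_major() {
    printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p'
}

# Succeeds only when the version text reports systemd >= MIN_SYSTEMD.
supports_slice_inherit() {
    major=$(systemd_major "$1")
    [ -n "$major" ] && [ "$major" -ge "$MIN_SYSTEMD" ]
}

# $1 = process kind, $2 = version text. Only untrusted web processes get
# their own cgroup; the browser cannot cope with losing the network process.
should_isolate() {
    [ "$1" = "web" ] && supports_slice_inherit "$2"
}

# Usage: launch_child KIND COMMAND [ARGS...]
# Each call creates a fresh transient scope, so every web process ends up
# in its own cgroup under the slice the launcher already runs in.
launch_child() {
    kind=$1; shift
    version=$(systemd-run --version 2>/dev/null) || version=""
    if should_isolate "$kind" "$version"; then
        exec systemd-run --user --scope --quiet --slice-inherit -- "$@"
    fi
    exec "$@"  # old or missing systemd, or a trusted process: launch directly
}
```

Running `launch_child web cat /proc/self/cgroup` from a subshell prints the cgroup the child landed in, which is a quick check that a new scope was created.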