-
Simon McVittie authored
After executing the ExecStop command-line or sending SIGTERM, by default systemd will wait up to 90 seconds for a service to exit before it becomes impatient and sends SIGKILL. This seems far too long for our use-case; wait 10 seconds instead. The choice of this arbitrary timeout is a trade-off. If it is too short, applications with a lot of state to serialize to disk might be killed before they have done so (we'd better hope they're using crash-safe I/O patterns like g_file_set_contents()). If it is too long, a user uninstalling an app-bundle will be left waiting a long time. When Ribchester calls TerminateBundle (T2696) it will need to wait a little longer than this; whatever timeout it uses, a broken or compromised per-user instance of Canterbury would be able to delay app-bundle upgrade, rollback or removal by up to that long. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Frédéric Dalleau <frederic.dalleau@collabora.co.uk> Differential Revision: https://phabricator.apertis.org/D7088
6338e04a