s6 - skarnet's small supervision suite (original) (raw)

Software
skarnet.org

What is it ?

s6 is a small suite of programs for UNIX, designed to allow process supervision (a.k.a service supervision), in the line of daemontoolsand runit, as well as various operations on processes and daemons. It is meant to be a toolbox for low-level process and service administration, providing different sets of independent tools that can be used within or without the framework, and that can be assembled together to achieve powerful functionality with a very small amount of code.

Examples of things you can do by assembling together several programs provided by s6 - besides process supervision:

• syslogd functionality, using much less resources than the traditional syslogd.
• Reliable service readiness notification, which is the basis for service dependency management.
• Controlled privileged gain as withsudo, without using any suid programs.
• The useful parts ofsocket activation[1]without having to change application code or link servers against any specific library, and without having to switch to any specific init system.

The s6 documentation tries to be complete and self-contained; however, if you have never heard of process supervision before, you might be confused at first. See the related resources section below for pointers to more resources, and earlier approaches to process supervision that might help you understand the basics.

• A high-level overview of s6
• Why another supervision suite? Isn't runit good enough?
• What is instant notification? What does theftrigr library do exactly?
• How to run an s6-svscan-based supervision tree without replacing init
• How to replace init
• How to perform socket activation with s6

Installation

Requirements

• A POSIX-compliant system with a standard C development environment
• GNU make, version 3.81 or later
• skalibs version 2.15.0.0 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the skalibs library.
• (Optional, but really recommended for full functionality):execline version 2.9.9.0 or later. When s6 is built with execline support (which is the default), execline is a build-time requirement, and also a run-time requirement for certain binaries that spawn scripts interpreted withexeclineb.

The following optional dependencies are also supported:

• If you're using musl and want nsswitch-like functionality:nsss version 0.2.1.2 or later (build-time and boot-time)

Licensing

s6 is free software. It is available under theISC license.

Download

• The current released version of s6 is 2.15.0.0. You can access its checksum here.
• Alternatively, you can checkout a copy of thes6 git repository:
  git clone git://git.skarnet.org/s6
• There's also aCodeberg mirror, or aGitHub mirror, or aSourceHut mirrorof the s6 git repository.

Compilation

• See the enclosed INSTALL file for installation details.

Upgrade notes

• This page lists the differences to be aware of between the previous versions of s6 and the current one.

Reference

If you prefer to read this documentation as man pages, it is now possible! There is a project that ports the s6 documentation to a set of man pages.

Commands

All these commands exit 111 if they encounter a temporary error, and 100 if they encounter a permanent error - such as a misuse. They exit 127 if they're trying to execute into a program and cannot find it, and 126 if they fail to execute into a program for another reason. Short-lived commands exit 0 on success.

Supervision system

s6-svscan and s6-superviseare the long-lived processes maintaining the supervision tree. Other programs are a user interface to control those processes and monitor service states.

• The s6-svscan program
• The s6-svscanctl program
• The s6-supervise program
• The s6-svc program
• The s6-svok program
• The s6-svstat program
• The s6-svperms program
• The s6-svlink program
• The s6-svunlink program
• The s6-svdt program
• The s6-svdt-clear program
• The s6-permafailon program
• The s6-background-watch program

Readiness notification for supervised services

• The s6-svwait program
• The s6-svlisten1 program
• The s6-svlisten program
• The s6-notifyoncheck program
• The s6-notify-fd-from-socket program
• The s6-notify-socket-from-fd program

Misc utilities for run scripts

These programs are a rewrite of the corresponding utilities fromdaemontools, with a few extras.

• The s6-envdir program
• The s6-envuidgid program
• The s6-fghack program
• The s6-setlock program
• The s6-setsid program
• The s6-setuidgid program
• The s6-applyuidgid program
• The s6-softlimit program
• The s6-tai64n program
• The s6-tai64nlocal program

Fifodir management, notification and subscription

These programs provide a command-line interface tointer-process notification and synchronization. They're a generalized interface to the same mechanisms used by tools like s6-svwait.

• The s6-mkfifodir program
• The s6-cleanfifodir program
• The s6-ftrig-notify program
• The s6-ftrig-wait program
• The s6-ftrig-listen1 program
• The s6-ftrig-listen program
• The s6-ftrigrd internal program

Unix domain super-server, local service management and access control

• The s6-ipcclient program
• The s6-ipcserver program
• The s6-ipcserver-socketbinder program
• The s6-ipcserverd program
• The s6-ioconnect program
• The s6-ipcserver-access program
• The s6-connlimit program
• The s6-accessrules-cdb-from-fs program
• The s6-accessrules-fs-from-cdb program

suidless privilege gain

• The s6-sudo program
• The s6-sudoc program
• The s6-sudod program

Logging

• The s6-log program
• The s6-socklog program
• The ucspilogd program

Management of user supervision trees

• The s6-usertree-maker program

Management of dynamic instances

• An overview of dynamic instantiation in s6
• The s6-instance-maker program
• The s6-instance-create program
• The s6-instance-delete program
• The s6-instance-control program
• The s6-instance-status program
• The s6-instance-list program

fd-holding, a.k.a. the sensible part of socket activation

• The s6-fdholder-daemon program
• The s6-fdholderd program
• The s6-fdholder-store program
• The s6-fdholder-retrieve program
• The s6-fdholder-delete program
• The s6-fdholder-list program
• The s6-fdholder-getdump program
• The s6-fdholder-setdump program
• The s6-fdholder-transferdump program

Libraries

• s6/s6.h, the main entry point
• The ftrigw library interface
• The ftrigr library interface
• The accessrules library interface
• The s6-fdholder library interface

Definitions

• What is a fifodir
• What is a service directory
• What is a scan directory
• What is a local service
• Why are the libftrigw and libftrigr needed

Related resources

s6 manual pages

• Lennart Jablonka is providing the s6 documentation as aset of man pages.

Other components for s6-based init systems

• s6-linux-initis a package to help you create a /sbin/init binary booting a Linux system with s6-svscan as process 1.
• s6-rc is a dependency-based service manager for s6.
• s6-frontend is a friendlier user interface to address the complete s6 ecosystem (this package, s6-linux-init and s6-rc).
• s6-overlayis a project that automates integration of s6 into Docker images.
• anopa is another dependency-based service manager for s6.
• 66 is another service manager working on top of s6.

s6 discussion

• s6 is discussed on thesupervision mailing-list.
• There is a #s6 IRC channel on OFTC. It hosts most discussions around supervision topics, and skaware in general.

Similar work

• daemontools, the pioneering process supervision software suite.
• daemontools-encore, a derived work from daemontools with enhancements. (Note that although s6 follows the same naming scheme, the same general design, and many of the same architecture choices as daemontools, it is still original work, sharing no code at all with daemontools.)
• runit, a slightly different approach to process supervision, with the same goals.
• perp, yet another slightly different approach to process supervision, also with the same goals.
• noshis another suite of system-level utilities with similarities in the design and approach. It is written in C++, though, and is coded in quite a different way than the previous items on this list.

Other init systems

(This list hasn't been updated in a long while. I'm keeping it for reference.)

• Felix von Leitner's minit is an init system for Linux, with process supervision capabilities.
• suckless init is considered by many as the smallest possible init. I disagree: suckless init is incorrect, because it has no supervision capabilities, and thus, killing all processes but init can brick the machine. Nevertheless, suckless init, like many other suckless projects, is a neat exercise in minimalism.
• sysvinit is the traditional init system for Linux.
• Upstart is a well-known init system for Linux, with complete service management, that came with earlier versions of the Ubuntu distribution. It is now deprecated.
• systemd is a problem in its own category.
• The various BSD flavors have their own style ofinit.
• MacOS X has its own init spaghetti monster calledlaunchd.

All-in-one init systems generally feel complex and convoluted, and when most people find out about the process supervision approach to init systems, they usually find it much simpler.There is a good reason for this.

Miscellaneous

Why "s6" ?

skarnet.org's small and securesupervision software suite.

Also, s6 is a nice command name prefix to have: it identifies the origin of the software, and it's short. Expect more use of s6- in future skarnet.org software releases. And please avoid using that prefix for your own projects.

Footnotes

[1] Take everything you read on that link with two or three salt shakers. (This is true for anything written by the author of that document.)