Re: [RESEND PATCH] prctl: add PR_[GS]ET_PDEATHSIG_PROC

From: Oleg Nesterov
Date: Thu Oct 05 2017 - 12:27:43 EST


On 10/03, Jürg Billeter wrote:
>
> My use case is to provide a way for a process to spawn a child and
> ensure that no descendants survive when that child dies. Avoiding
> runaway processes is desirable in many situations. My motivation is
> very lightweight (nested) sandboxing (every process is potentially
> sandboxed).
>
> I.e., pid namespaces would be a pretty good fit (assuming they are
> sufficiently lightweight) but CLONE_NEWPID

Sorry if this was already discussed, I didn't read this thread yet...

If CLONE_NEWPID is not suitable for any reason, we already have
PR_SET_CHILD_SUBREAPER. Perhaps we can simply add another
PR_SET_KILL_ALL_DESCEDANTS_ON_EXIT? We can use walk_process_tree()
to send SIGKILL.

Oleg.
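
As an added illustration (not code from this thread or from the kernel), the following C sketch shows what the existing PR_SET_CHILD_SUBREAPER option already gives a supervising process: a descendant orphaned by the death of the sandboxed child is reparented to the supervisor, which must then kill and reap it itself. The function name `subreaper_collects_orphan` is hypothetical, and the kill-on-exit option proposed in the reply is not an existing prctl option and is not used here.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the orphaned grandchild was reparented to this process and
 * killed by it, 0 if it was not reparented here, -1 on setup failure. */
int subreaper_collects_orphan(void)
{
    int fd[2], status;
    pid_t child, orphan = -1;
    /* Existing option named in the reply: orphans below us reparent to us. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) != 0 || pipe(fd) != 0)
        return -1;
    child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {                      /* sandboxed child */
        pid_t gc = fork();
        if (gc == 0) {                     /* descendant that would outlive it */
            close(fd[0]);
            close(fd[1]);
            for (;;)
                pause();
        }
        if (gc < 0 || write(fd[1], &gc, sizeof gc) != sizeof gc)
            _exit(1);
        _exit(0);                          /* child dies, descendant is orphaned */
    }
    close(fd[1]);
    if (read(fd[0], &orphan, sizeof orphan) != sizeof orphan || orphan <= 0)
        return -1;
    close(fd[0]);
    if (waitpid(child, &status, 0) != child)
        return -1;
    /* Reparenting is done before the child becomes reapable, so the
     * descendant is now our own child: kill it and reap it. */
    if (kill(orphan, SIGKILL) != 0 || waitpid(orphan, &status, 0) != orphan)
        return 0;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL;
}

int main(void)
{
    printf("orphan reparented and killed: %d\n", subreaper_collects_orphan());
    return 0;
}
```

The sketch handles a single descendant whose PID the child reported; nothing is killed automatically when the child exits, so a supervisor relying on the subreaper option alone has to find and signal every reparented process on its own.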