A "kill" button for control groups

Posted May 3, 2021 21:39 UTC (Mon) by Sesse (subscriber, #53779)
Parent article: A "kill" button for control groups

I'm surprised this doesn't already exist. One of the things that systemd does _really_ well compared to sysvinit, is that it's able to kill daemons reliably, with no fuzz, and no cooperation of any kind (e.g. pid files). I always attributed this to its use of cgroups, assuming they had an easy way to just take down the entire cgroup.

A "kill" button for control groups

Posted May 3, 2021 22:06 UTC (Mon) by wahern (subscriber, #37304) [Link] (1 responses)

systemd just iterates over the list of PIDs in a cgroup and kills them individually. Contrary to the mythology it's neither completely deterministic nor race-free (i.e. subject to TOCTTOU), but nonetheless more robust than PID files, especially when dealing with forking, multi-process services.

For services which play nice--don't fork away from the supervisor, don't change process groups, etc--you can just kill the process group. But the people who understand the arcana of good process management, and the people who write software that people tend to install, seem to be mutually exclusive groups.

The ability to atomically kill all processes in a cgroup will finally bring systemd's actual behavior (mostly?) inline with the myth.

A "kill" button for control groups

Posted May 4, 2021 12:31 UTC (Tue) by hmh (subscriber, #3838) [Link]

So far so good... but I'd expect any real API for this to mimic signal grouping, and allow us to send *any* signal to the cgroup. Preferably with an option to do it "atomically" (if such a notion is possible, maybe relative to fork, clone and friends -- or to cgroup membership-changing?), and restricted to members of a cgroup that the calling process would have permissions to signal (plus the other restrictions that make sense: no kernel threads, etc).

Echo 1 to a sysfs file to send SIGKILL looks like the kind of thing one should throw around just to sound waters if the whole idea might have some traction, before doing the real thing...