(Thanks for your explanations in the other thread.) On Mon, Apr 26, 2021 at 05:15:14PM +0200, Christian Brauner <christian.brauner@xxxxxxxxxx> wrote: > Since cgroups organize and manage resources and processes killing > cgroups is arguably a core cgroup feature and in some form was always > planned. It just hasn't been high-priority. This holds for v1 as well, actually, cgroup.signal had been considered [1] (but dropped in favor the freezer IIUC). > We should very much try to make interfaces simpler to use for > userspace. Another way of seeing this is to have one canonical way how to do that (i.e. with freezing). > In this specific instance the code comes down from an algorithm to > recursively kill all cgroups to a single write into a file. Which > seems like a good win. I'm considering the SIGKILL-only implementation now, i.e. the recursion would still be needed for other signals. > You can kill processes in ancestor or sibling pid namespaces as long > as they are encompassed in the same cgroup. And other useful things. This seems like the main differentiating point, the ability to pass around a suicidal igniter around, that'll blow you up, all your house including any privileged or invisible visitors in it. (Rewording just for the fun of the simile.) So with the restriction to mere SIGKILL of a cgroup and this reasoning, I'll look at the patch itself (replying directly to original message). > But really, the simplifcation alone is already quite good. Yes, let's keep this a simplification :-) Michal [1] https://lore.kernel.org/lkml/CALdu-PBLCNXTaZuODyzw_g_FQNyLqK_FsdObC=HjtEp75vkdFQ@xxxxxxxxxxxxxx/
Attachment:
signature.asc
Description: Digital signature
