> On March 10, 2014, 9:14 p.m., Timothy St. Clair wrote: > > Umm this is what PID namespaces is for. FWIW a fork bomb process could > > escape this logic, but not escape a namespace. > > > > http://timothysc.github.io/blog/2013/02/22/perprocess/ > > Timothy St. Clair wrote: > The link is just a namespace ref, the link in there doc point to the > details.
Yep definitely, our existing 'killtree' does not guarantee that it will catch all processes either. We provide this for users running without cgroups isolation as a best-effort mechanism for killing a process tree. Tim, have a look at r/18597/ where I mention that the command executor cannot assume that it lives inside a pid namespace and as such, we need to be careful. - Ben ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/18595/#review36706 ----------------------------------------------------------- On Feb. 28, 2014, 12:54 a.m., Niklas Nielsen wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/18595/ > ----------------------------------------------------------- > > (Updated Feb. 28, 2014, 12:54 a.m.) > > > Review request for mesos and Ben Mahler. > > > Repository: mesos-git > > > Description > ------- > > New killtree(ProcessTree tree, int signal) traverse process tree and sends a > signal to all pids. This is done regardless of presence and state of process. > Patch is used by up coming signal escalation. > > > Diffs > ----- > > 3rdparty/libprocess/3rdparty/stout/include/stout/os/killtree.hpp 1f45897 > > Diff: https://reviews.apache.org/r/18595/diff/ > > > Testing > ------- > > Functional testing with signal escalation code and make check. > > > Thanks, > > Niklas Nielsen > >
