On 10/03, Jürg Billeter wrote: > > My use case is to provide a way for a process to spawn a child and > ensure that no descendants survive when that child dies. Avoiding > runaway processes is desirable in many situations. My motivation is > very lightweight (nested) sandboxing (every process is potentially > sandboxed). > > I.e., pid namespaces would be a pretty good fit (assuming they are > sufficiently lightweight) but CLONE_NEWPID
sorry if this was already discussed, I didn't read this thread yet... if CLONE_NEWPID is not suitable for any reason. We already have PR_SET_CHILD_SUBREAPER. Perhaps we can simply add another PR_SET_KILL_ALL_DESCEDANTS_ON_EXIT? we can use walk_process_tree() to send SIGKILL. Oleg.
