Question
I am developing a sandbox on Linux, and now I am confused about terminating all processes in the sandbox. My sandbox works as follows: At first only one process runs in the sandbox. Then it can create several child processes, and the child processes will create their own subprocesses as well. A parent process may exit at some time before its children have exited. At last the sandbox will terminate all the processes.
I used to do this by using killall or pkill -u with a unique user attached to the sandbox. But it doesn't seem to work on a program which uses fork() quickly.
Then I searched the source code of pkill and realized that pkill lacks atomicity.
So how could I achieve my goal?
Answer 1:
You could use process groups setpgid(2) and sessions setsid(2), but I don't qualify what you do as a sandbox (in particular because if one of the processes is setuid or changes its process group or session itself, you'll lose it; read execve(2) carefully and several times!). Notice that kill(2) with a negative pid kills an entire process group.
Read a good book like Advanced Linux Programming. Consider also using chroot(2).
And explain what and why you really want to do. Sandboxing is harder than you think. See also capabilities(7), credentials(7) and SELinux.
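The process-group approach from the answer above, as an added example that is not part of the original answer: a leader puts itself in a new group with setpgid(2), forks workers and exits before them, and the supervisor then signals the whole group with a single kill(2) on the negative pgid. The function name `kill_sandbox_group` is hypothetical, and `PR_SET_CHILD_SUBREAPER` is an addition used only so the supervisor can reap the orphaned workers; a process that changes its own group or session still escapes, as the answer warns.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: start a leader in its own process group, let it fork
 * `n` workers and exit early, then kill the group with one kill(2) call.
 * Returns the number of workers reaped after SIGKILL, or -1 on error. */
int kill_sandbox_group(int n)
{
    /* Orphaned descendants are reparented to us so we can reap them. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) == -1)
        return -1;

    pid_t leader = fork();
    if (leader == -1)
        return -1;
    if (leader == 0) {
        setpgid(0, 0);                 /* new group, pgid == leader pid */
        for (int i = 0; i < n; i++)
            if (fork() == 0) {         /* worker inherits the group */
                pause();
                _exit(0);
            }
        _exit(0);                      /* parent exits before its children */
    }

    /* Leader is gone once this returns; its workers are still running. */
    if (waitpid(leader, NULL, 0) == -1)
        return -1;

    /* Negative pid: the kernel signals every member of the group. */
    if (kill(-leader, SIGKILL) == -1)
        return -1;

    int reaped = 0, status;
    while (waitpid(-leader, &status, 0) > 0)
        if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
            reaped++;

    /* ESRCH means no process is left in the group. */
    return (kill(-leader, 0) == -1 && errno == ESRCH) ? reaped : -1;
}

int main(void) { return kill_sandbox_group(3) == 3 ? 0 : 1; }
```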
Source: https://stackoverflow.com/questions/18158730/terminate-all-child-process-in-linux