Re: [Haskell-cafe] how to terminate a (Posix) process and all its subprocesses?

https://downloads.haskell.org/~ghc/latest/docs/html/libraries/unix-2.7.2.2/S... (at a lower level, this is waitpid() with a negative process ID, expressing the process group whose leader has abs(process ID)). And yes, if a process puts itself into its own process group, it will be immune to control in this fashion. You can do a bit more with sessions instead of pgroups, but then a process could put itself into its own session. cgroups are pretty much the only way to avoid this… if and only if you prevent processes in a given cgroup from creating new cgroups. It's something of an infinite regression. As for cleanup, the convention is you use signal 15 (SIGTERM) to indicate "clean up and exit". If after a reasonable amount of time (typically some number of seconds) something is still running, you repeat with signal 9 (SIGKILL, which can't be blocked or masked). SIGTERM is usually sent to the entire process group, as individual processes may have their own distinct cleanup needs. On Tue, Jul 24, 2018 at 3:26 PM David Feuer wrote:

If the process is not thought to be hostile, I imagine it's best to first try signaling only the parent, and only signal the group if necessary. Otherwise, you may prevent it from cleaning up after itself properly. Dunno how to wait for the group to die.

On Tue, Jul 24, 2018, 3:21 PM Bardur Arantsson wrote:

...

On 2018-07-24 15:42, Johannes Waldmann wrote:

...

Dear Cafe,

I am using

https://hackage.haskell.org/package/process-1.6.4.0/docs/System-Process.html...

...

to start an external command, and wait for its completion.

If the process is hostile (e.g. fork bomb + countermeasures), then the *only* realiable way to do this is to use cgroups.

Obviously, this applies to Linux only. I'm not sure there's actually any truly POSIX way to reliably kill hostile sub-processes. I don't think so. (The progress group thing doesn't work if the process is hostile. It'll work fine otherwise.)

Regards,

_______________________________________________ Haskell-Cafe mailing list To (un)subscribe, modify options or view archives go to: http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe Only members subscribed via the mailman list are allowed to post.

_______________________________________________ Haskell-Cafe mailing list To (un)subscribe, modify options or view archives go to: http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe Only members subscribed via the mailman list are allowed to post.

-- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net