[Haskell-cafe] how to terminate a (Posix) process and all its subprocesses?

Brandon Allbery allbery.b at gmail.com
Tue Jul 24 19:33:04 UTC 2018 

https://downloads.haskell.org/~ghc/latest/docs/html/libraries/unix-2.7.2.2/System-Posix-Process.html#v:getGroupProcessStatus
(at a lower level, this is waitpid() with a negative process ID, expressing
the process group whose leader has abs(process ID)).

And yes, if a process puts itself into its own process group, it will be
immune to control in this fashion. You can do a bit more with sessions
instead of pgroups, but then a process could put itself into its own
session. cgroups are pretty much the only way to avoid this… if and only if
you prevent processes in a given cgroup from creating new cgroups. It's
something of an infinite regression.

As for cleanup, the convention is you use signal 15 (SIGTERM) to indicate
"clean up and exit". If after a reasonable amount of time (typically some
number of seconds) something is still running, you repeat with signal 9
(SIGKILL, which can't be blocked or masked). SIGTERM is usually sent to the
entire process group, as individual processes may have their own distinct
cleanup needs.

On Tue, Jul 24, 2018 at 3:26 PM David Feuer <david.feuer at gmail.com> wrote:

> If the process is not thought to be hostile, I imagine it's best to first
> try signaling only the parent, and only signal the group if necessary.
> Otherwise, you may prevent it from cleaning up after itself properly. Dunno
> how to wait for the group to die.
>
> On Tue, Jul 24, 2018, 3:21 PM Bardur Arantsson <spam at scientician.net>
> wrote:
>
>> On 2018-07-24 15:42, Johannes Waldmann wrote:
>> > Dear Cafe,
>> >
>> > I am using
>> >
>> https://hackage.haskell.org/package/process-1.6.4.0/docs/System-Process.html#v:readProcess
>> > to start an external command, and wait for its completion.
>> >
>>
>> If the process is hostile (e.g. fork bomb + countermeasures), then the
>> *only* realiable way to do this is to use cgroups.
>>
>> Obviously, this applies to Linux only. I'm not sure there's actually any
>> truly POSIX way to reliably kill hostile sub-processes. I don't think
>> so. (The progress group thing doesn't work if the process is hostile.
>> It'll work fine otherwise.)
>>
>> Regards,
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> To (un)subscribe, modify options or view archives go to:
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> Only members subscribed via the mailman list are allowed to post.
>
> _______________________________________________
> Haskell-Cafe mailing list
> To (un)subscribe, modify options or view archives go to:
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
> Only members subscribed via the mailman list are allowed to post.



-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b at gmail.com                                  ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20180724/4ff0896b/attachment.html>

More information about the Haskell-Cafe mailing list