终止Linux中的所有子进程 [英] Terminate all child process in LInux

问题描述

我正在 linux 上开发一个沙箱.现在我很困惑终止沙箱中的所有进程.我的沙箱工作如下:起初只有一个进程在沙箱中运行.然后它可以创建几个子进程.子进程也将创建他们的子进程.并且父进程可能会在其子进程退出之前的某个时间退出.最后沙箱将终止所有进程.

I am developing a sandbox on linux. And now i am confused terminating all process in the sandbox. My sandbox works as follows: At first only one process run in the sandbox. Then it can create several child process. And child process will create their subprocess also. And parent process may exit at some time before its children exited. At last sandbox will terminate all the process.

我曾经通过使用 killall 或 pkill -u 将唯一用户附加到沙箱来做到这一点.但它似乎不适用于快速使用 fork() 的程序.

I used to do this by using killall or pkill -u with a unique user attached to the sandbox.But it seems doesn't work on the program which uses fork() fastly.

然后我搜索了pkill的源代码，发现pkill失去了原子性.

Then I search for the source code of pkill and realized that pkill is lose of atomicity.

那么我怎样才能实现我的目标?

So how could i achieve my goal ?

推荐答案

你可以使用进程组 setpgid(2) 和会话 setsid(2)，但我不认为你在沙箱中做什么(特别是因为如果其中一个进程是 setuid 或更改其进程组或会话本身，您将丢失它；阅读 execve(2) 仔细多次！).请注意，kill(2) 带有负 pid 会杀死整个进程组.

You could use process groups setpgid(2) and sessions setsid(2), but I don't qualify what you do as a sandbox (in particular because if one of the processes is setuid or change its process group or session itself, you'll lose it; read execve(2) carefully and several times!). Notice that kill(2) with a negative pid kills an entire process group.

阅读一本好书，例如高级 Linux 编程.还可以考虑使用 chroot(2).

Read a good book like Advanced Linux Programming. Consider also using chroot(2).

并说明您真正想要做什么以及为什么.沙箱比您想象的要难.另请参阅capabilities(7)、credentials(7) 和 SElinux.

And explain what and why you really want to do. sandboxing is harder that what you think. See also capabilities(7), credentials(7) and SElinux.

这篇关于终止Linux中的所有子进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！