(this is a new function proposal)
- for complete stop
  on devices where pid ns is unsupported, killing a container completely seemed impossible,
  but then I found cgroup capable of doing this.
  just attach ruri itself to a new cgroup (v2 for the group killer) (and optionally drop related privileges/mounts) before starting the container; then all processes in the container could be killed with a single write(2).
- property storage
  cgroup also allows temporary (runtime) storage of non-paired properties
  by making directories (with a prefix such as "_" to avoid conflict with controller files) under the container's main cgroup dir.
- process list
  if cgroup is used, the "--ps" function would be available even without pid ns.
  a pid list could be fetched from the cgroup.procs controller.
- freezing?
  as above, with the cgroup.freeze controller
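The four points above map onto a handful of cgroup v2 file operations. The following is an added example written for this proposal, not code from ruri itself: it assumes the unified (v2) hierarchy is mounted at /sys/fs/cgroup and that the caller is allowed to create a child cgroup there (root, or a delegated subtree). The controller file names (cgroup.procs, cgroup.kill, cgroup.freeze) are real kernel interfaces; cgroup.kill needs Linux 5.14 or later. The helper names (cg_attach, cg_kill, cg_freeze, cg_list_pids, cg_set_prop, cg_has_prop) and the "_<name>" property convention are my own, following the proposal's "_" prefix idea. cg_fake_demo exercises everything against a constructed temporary directory so the logic can be checked without root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define CG_PATH_MAX 4096

/* Build "<dir>/<prefix><leaf>"; -1 if it does not fit. */
static int cg_path(char *buf, const char *dir, const char *prefix, const char *leaf)
{
    int n = snprintf(buf, CG_PATH_MAX, "%s/%s%s", dir, prefix, leaf);
    return (n < 0 || n >= CG_PATH_MAX) ? -1 : 0;
}

/* Write `val` to the controller file <dir>/<file>; 0 on success, -1 with errno set. */
static int cg_write(const char *dir, const char *file, const char *val)
{
    char path[CG_PATH_MAX];
    if (cg_path(path, dir, "", file) < 0) return -1;
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t len = (ssize_t)strlen(val);
    int rc = (write(fd, val, (size_t)len) == len) ? 0 : -1;
    close(fd);
    return rc;
}

/* Create the container cgroup and move `pid` (ruri itself, before it execs the
 * container's init) into it; every process forked afterwards inherits it. */
int cg_attach(const char *dir, pid_t pid)
{
    char buf[32];
    if (mkdir(dir, 0755) < 0 && errno != EEXIST) return -1;
    snprintf(buf, sizeof(buf), "%d\n", (int)pid);
    return cg_write(dir, "cgroup.procs", buf);
}

/* Complete stop without a pid ns: one write to cgroup.kill (Linux >= 5.14)
 * SIGKILLs every process in the cgroup and its descendants. */
int cg_kill(const char *dir) { return cg_write(dir, "cgroup.kill", "1"); }

/* Freeze (on=1) or thaw (on=0) the whole cgroup via cgroup.freeze. */
int cg_freeze(const char *dir, int on) { return cg_write(dir, "cgroup.freeze", on ? "1" : "0"); }

/* "--ps" without a pid ns: read pids from cgroup.procs. Returns count or -1. */
int cg_list_pids(const char *dir, pid_t *out, int max)
{
    char path[CG_PATH_MAX];
    if (cg_path(path, dir, "", "cgroup.procs") < 0) return -1;
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    int n = 0; long v;
    while (n < max && fscanf(fp, "%ld", &v) == 1) out[n++] = (pid_t)v;
    fclose(fp);
    return n;
}

/* Runtime storage of a non-paired (flag-like) property: an empty "_<name>"
 * subdirectory under the container cgroup. The "_" prefix keeps user-chosen
 * names from colliding with controller files such as cgroup.procs. */
int cg_set_prop(const char *dir, const char *name)
{
    char path[CG_PATH_MAX];
    if (cg_path(path, dir, "_", name) < 0) return -1;
    return (mkdir(path, 0755) == 0 || errno == EEXIST) ? 0 : -1;
}

int cg_has_prop(const char *dir, const char *name)
{
    char path[CG_PATH_MAX]; struct stat st;
    if (cg_path(path, dir, "_", name) < 0) return 0;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Dry run on a constructed fake cgroup directory (no root, no cgroupfs). The
 * sample cgroup.procs is hand-written; the kernel generates the real one.
 * Returns the number of pids listed (2 for the sample) or -1 on any failure. */
int cg_fake_demo(void)
{
    char dir[] = "/tmp/cgdemo.XXXXXX", path[CG_PATH_MAX];
    const char *files[] = { "cgroup.procs", "cgroup.kill", "cgroup.freeze" };
    pid_t pids[8];
    if (!mkdtemp(dir)) return -1;
    for (int i = 0; i < 3; i++) {
        if (cg_path(path, dir, "", files[i]) < 0) return -1;
        FILE *fp = fopen(path, "w");
        if (!fp) return -1;
        if (i == 0) fputs("4242\n4243\n", fp); /* constructed sample pids */
        fclose(fp);
    }
    int n = cg_list_pids(dir, pids, 8);
    if (cg_freeze(dir, 1) < 0 || cg_kill(dir) < 0) return -1;
    if (cg_set_prop(dir, "rootless") < 0 || !cg_has_prop(dir, "rootless")) return -1;
    return (n == 2 && pids[0] == 4242 && pids[1] == 4243) ? n : -1;
}

/* Stand-alone run: exit status 0 when the dry run behaves as expected. */
int main(void) { return cg_fake_demo() == 2 ? 0 : 1; }
```

In real use the sequence is cg_attach(dir, getpid()) in ruri before it forks or execs the container, then cg_list_pids for "--ps", cg_freeze for pausing, and cg_kill for the complete stop. Two caveats worth keeping in mind: a process that can write to the container's cgroup.procs can also move itself out of the cgroup, so the cgroup directory should not be writable from inside the container (bind-mount it read-only or do not expose it), and cg_kill returns -1 with ENOENT on kernels older than 5.14, where the fallback is to iterate cgroup.procs and signal each pid.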