Make use of cgroup.kill

[kolyshkin]

Cgroup v2 Kernel 5.14+ implements cgroup.kill which does the same thing that we try to do in signalAllProcesses

runc/libcontainer/init_linux.go

Line 499 in 8772c4d

func signalAllProcesses(m cgroups.Manager, s os.Signal) error {

but in the kernel and reliably.

Since we're using signalAllProcesses mostly to send SIGKILL to container (with the exception of runc kill --all), this needs to be moved to cgroup managers to benefit from the new feature.

[kolyshkin]

So, now we have this:

runc/libcontainer/state_linux.go

Lines 40 to 47 in b114862

	func destroy(c *linuxContainer) error {
	if !c.config.Namespaces.Contains(configs.NEWPID) ||
	c.config.Namespaces.PathOf(configs.NEWPID) != "" {
	if err := signalAllProcesses(c.cgroupManager, unix.SIGKILL); err != nil {
	logrus.Warn(err)
	}
	}
	err := c.cgroupManager.Destroy()

and this:

runc/delete.go

Lines 18 to 27 in b114862

	func killContainer(container libcontainer.Container) error {
	_ = container.Signal(unix.SIGKILL, false)
	for i := 0; i < 100; i++ {
	time.Sleep(100 * time.Millisecond)
	if err := container.Signal(unix.Signal(0), false); err != nil {
	destroy(container)
	return nil
	}
	}
	return errors.New("container init still running")

and it would be nice to use cgroup.kill in both cases (possibly by adding Kill() method to cgroupManager, implementing it in a traditional way for v1, and use cgroup.kill for v2).

[kolyshkin]

This is a relatively new addition and might not be available for older kernels: https://lwn.net/Articles/855924/