Can't kill a paused container in cgroup v1 environment.

[cyyzero]

Test case is below:

$ sudo youki run test
$ sudo youki pause test
$ sudo youki list
ID    PID   STATUS   BUNDLE  CREATED                    CREATOR
test  7310  Paused   .       2022-08-19T12:51:28+08:00  root

$sudo youki kill test SIGKILL
$ sudo youki list
ID    PID   STATUS   BUNDLE  CREATED                    CREATOR
test  7310  Running  .       2022-08-19T12:51:28+08:00  root

$ cat /sys/fs/cgroup/freezer/test/freezer.state 
FROZEN
$ cat /sys/fs/cgroup/freezer/test/tasks        
7310

Container status is wrong because killing paused container failed. The container process won't receive SIGKILL and quit until it is thawed. It also makes youki delete --force test failing, since cgroup directory can't be removed until there's no tasks in it.

Here's the solution. opencontainers/runc#3217 Maybe I could help fix the issue.

[YJDoc2]

Hey @cyyzero , sorry there hasn't been a reply. I'll try taking a look at the issue you have linked and getting back to you.

cc @Furisto

[YJDoc2]

Hey @cyyzero , I took a look at the issue you linked, and we should also implement the same, i.e. if the cgroup on system is v1, then first thaw the container and then send a fatal kill signal , iff --force option is given.

Would you be interested in working on this? My guess is following things will need to be done :

• whenever kill command is given, check if force is given or not
  • if force is not given, and cgroups is v1 and container is frozen, display error / warning saying could not be killed as it was forzen
  • if force option is given, and cgroups is v1 and container is frozen, thaw it and send the kill signal
  • if cgroups is v2 , nothing special needs to be done
• add an integration test to check this behavior, so we can make sure this keeps working (however, the test won't be the end-all be-all , as it will need to be run on cgroups v1 system to ensure that it the behavior is correct, cgroups v2 systems are already working as intended)

Let me know if you are interested in working on this, and in any case, Thanks for reporting and following up!

[cyyzero]

Hey @YJDoc2., thanks for your reply! I'm willing to fix this issue. I will firstly deal with the bug of kill --force under cgroup v1. Maybe some time later I will ask you about some details of writing integration test (I'm not familiar with github CI).

[YJDoc2]

Hey @cyyzero , are you encountering any issue with this? Feel feel to ask for help, or let us know if any issue!

[cyyzero]

@YJDoc2 Sorry for the slow progress, I've been preparing for job applications recently.
Integration tests is still in development.

[YJDoc2]

Hey, no worries, I wanted to just check in if you're having any issues 👍
I'll take a look at the draft PR you have opened if possible this weekend :)