From e17f88ccbff55f631e4e42205114a311b1e47664 Mon Sep 17 00:00:00 2001
From: lifubang <lifubang@acmcoder.com>
Date: Mon, 2 Oct 2023 17:12:42 +0800
Subject: [PATCH] kill all processes in container with shared PID Ns before
 destory

Signed-off-by: lifubang <lifubang@acmcoder.com>
---
 libcontainer/state_linux.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go
index 8d8f31d3678..7e048f0d7c2 100644
--- a/libcontainer/state_linux.go
+++ b/libcontainer/state_linux.go
@@ -35,6 +35,11 @@ type containerState interface {
 }
 
 func destroy(c *Container) error {
+	if !c.config.Namespaces.IsPrivate(configs.NEWPID) && c.cgroupManager.Exists() {
+		if err := signalAllProcesses(c.cgroupManager, unix.SIGKILL); err != nil {
+			return err
+		}
+	}
 	err := c.cgroupManager.Destroy()
 	if c.intelRdtManager != nil {
 		if ierr := c.intelRdtManager.Destroy(); err == nil {