About an issue with sigkill being passed out of the apptainer container

56 views
Skip to first unread message

류건모

unread,
Jul 1, 2025, 6:48:53 AMJul 1
to discuss

Hello, everyone.

I'm asking because even if I give the -C option when running the apptainer run command, all related processes are killed by an internal kill -9 0.

The relevant test code is available at https://github.com/geonmo/pid_namespace_test.

Here, I have isolated pid, ipc, etc. with the -C option, but all related apptainers are killed by the kill -9 0 from the last apptainer run.

I'm wondering if this is the intended design.

When I ran the same test on podman, it isolated well and did not affect other podman instances.

Regards,

-- Geonmo


Dave Dykstra

unread,
Jul 1, 2025, 12:28:08 PMJul 1
to 류건모, discuss
Hi Geonmo,

Thanks for the complete reproducing scripts.

The problem is a difference in behavior in bash between interactive and
script use. "kill 0" means send a signal to a whole process group, and
when inside of a script bash does not put each background process in its
own process group like it does when it runs background processes
interactively. Add a "-g" option to your pstree command to see that
they're all in the same process group. If you ". ./apptainer_test.sh"
instead of running it as a subshell, they each get a separate process
group and then it behaves as you like.

There are a few ways to change that behavior in a bash script. See for
example
https://unix.stackexchange.com/questions/529764/how-can-i-start-a-bash-script-in-its-own-process-group
I don't see a setpgid command, but putting setsid before each apptainer
call in your script worked for me.

Dave
> --
> You received this message because you are subscribed to the Google Groups "discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@apptainer.org.
> To view this discussion visit https://groups.google.com/a/apptainer.org/d/msgid/discuss/c1234be2-f7d2-449b-9d36-c52255665ae5n%40apptainer.org.

류건모

unread,
Jul 7, 2025, 2:22:36 PMJul 7
to discuss, Dave Dykstra, discuss, 류건모

Hello, Dave.

First, I'll assume that the apptainer shell -C option is intended not to change the PGID, unlike podman, as you mentioned.

Another team worked on adding the setsid command when running individual analyses to prevent parent jobs from terminating due to a buggy application inside Apptainer. 

If it was not intended that the child processes inherit the same PGID despite isolating the pid namespace, we could have waited for a patch in Apptainer, but as you said, if it is intended, setsid is a proper solution.

Thank you for your kind response.

Regards,


Geonmo
2025년 7월 2일 수요일 오전 1시 28분 8초 UTC+9에 Dave Dykstra님이 작성:

Dave Dykstra

unread,
Jul 7, 2025, 2:29:14 PMJul 7
to 류건모, discuss
To be honest I'm not sure what the correct behavior should be in that case. I can see points in favor of both sides.

I suggest making a github issue about it. We can discuss it in a community call and have a permanent record of the discussion in the issue.

Dave
Reply all
Reply to author
Forward
0 new messages