runsc ps: Add process group ID (PGID) to output#12739
Merged
copybara-service[bot] merged 1 commit intogoogle:masterfrom Apr 8, 2026
Merged
runsc ps: Add process group ID (PGID) to output#12739copybara-service[bot] merged 1 commit intogoogle:masterfrom
copybara-service[bot] merged 1 commit intogoogle:masterfrom
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Contributor
Author
|
@ayushr2 sorry for the ping - it's my first contribution here. Did I miss something to make this visible for reviewers? |
Contributor
|
I'll also tag @EtiennePerot here. The context is: we kill individual processes instead killing the whole gVisor on memory pressure. Currently we kill by invoking a custom command mounted into gVisor, but it not reliable when memory pressure is high. Killing using gVisor machinery should be more reliable. But to do that, we need to find processes structure, using process group ids. |
Member
|
@stepancheg thanks for the context, seems reasonable. @danielpfeifer02 sorry we didn't get to this for so long. |
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 7, 2026
Add the process group ID (PGID) field to the Process struct and populate it using the existing kernel ProcessGroup API. The PGID is now displayed in a new JSON-full output of `runsc ps`. The JSON-full output format is making fields like PGID, PPID, UID, and command name available to callers in a JSON format but keeping the original JSON format the same for backwards compatibility. This enables container runtimes to discover process group IDs from outside the sandbox without needing to exec into the container, which is useful for sending signals to entire process groups via `runsc kill` when the container may be under memory pressure. I am planning to add a follow-up PR enabling the functionality of running `runsc kill --pgid xxx`. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12739 from danielpfeifer02:dpfeifer/runsc-ps-pgid 27f59b4 PiperOrigin-RevId: 896146844
ayushr2
reviewed
Apr 8, 2026
| // SetFlags implements subcommands.Command.SetFlags. | ||
| func (ps *PS) SetFlags(f *flag.FlagSet) { | ||
| f.StringVar(&ps.format, "format", "table", "output format. Select one of: table or json (default: table)") | ||
| f.StringVar(&ps.format, "format", "table", "output format. Select one of: table, json (PIDs only), or json-full (full process data) (default: table)") |
Collaborator
There was a problem hiding this comment.
IMO we should not add a new format for this. This is inconsistent with what runc does: https://github.com/opencontainers/runc/blob/main/ps.go
Instead, we can just add this to the table output when format==table. This was the same approach taken in 663fe84
dpfeifer2
force-pushed
the
dpfeifer/runsc-ps-pgid
branch
2 times, most recently
from
77f6faf to
182306a
Compare
Collaborator
|
Please squash your commits: https://github.com/google/gvisor/blob/master/CONTRIBUTING.md#code-reviews |
Add the process group ID (PGID) field to the Process struct and populate it using the existing kernel ProcessGroup API. The PGID is now displayed in both table and JSON output of `runsc ps`. The JSON output format is changed from a bare PID array to the full Process struct serialization, making fields like PGID, PPID, UID, and command name available to callers. This enables container runtimes to discover process group IDs from outside the sandbox without needing to exec into the container, which is useful for sending signals to entire process groups via `runsc kill` when the container may be under memory pressure.
danielpfeifer02
force-pushed
the
dpfeifer/runsc-ps-pgid
branch
from
182306a to
9eead07
Compare
Contributor
Author
|
Hi @ayushr2, thanks for your feedback. I moved the change into the existing table format and squashed all into one commit. |
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 8, 2026
Add the process group ID (PGID) field to the Process struct and populate it using the existing kernel ProcessGroup API. The PGID is now displayed in a new JSON-full output of `runsc ps`. The JSON-full output format is making fields like PGID, PPID, UID, and command name available to callers in a JSON format but keeping the original JSON format the same for backwards compatibility. This enables container runtimes to discover process group IDs from outside the sandbox without needing to exec into the container, which is useful for sending signals to entire process groups via `runsc kill` when the container may be under memory pressure. I am planning to add a follow-up PR enabling the functionality of running `runsc kill --pgid xxx`. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12739 from danielpfeifer02:dpfeifer/runsc-ps-pgid 9eead07 PiperOrigin-RevId: 896146844
ayushr2
approved these changes
Apr 8, 2026
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 8, 2026
Add the process group ID (PGID) field to the Process struct and populate it using the existing kernel ProcessGroup API. The PGID is now displayed in a new JSON-full output of `runsc ps`. The JSON-full output format is making fields like PGID, PPID, UID, and command name available to callers in a JSON format but keeping the original JSON format the same for backwards compatibility. This enables container runtimes to discover process group IDs from outside the sandbox without needing to exec into the container, which is useful for sending signals to entire process groups via `runsc kill` when the container may be under memory pressure. I am planning to add a follow-up PR enabling the functionality of running `runsc kill --pgid xxx`. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12739 from danielpfeifer02:dpfeifer/runsc-ps-pgid 9eead07 PiperOrigin-RevId: 896146844
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 8, 2026
Add the process group ID (PGID) field to the Process struct and populate it using the existing kernel ProcessGroup API. The PGID is now displayed in a new JSON-full output of `runsc ps`. The JSON-full output format is making fields like PGID, PPID, UID, and command name available to callers in a JSON format but keeping the original JSON format the same for backwards compatibility. This enables container runtimes to discover process group IDs from outside the sandbox without needing to exec into the container, which is useful for sending signals to entire process groups via `runsc kill` when the container may be under memory pressure. I am planning to add a follow-up PR enabling the functionality of running `runsc kill --pgid xxx`. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12739 from danielpfeifer02:dpfeifer/runsc-ps-pgid 9eead07 PiperOrigin-RevId: 896146844
Merged
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 9, 2026
Follow up PR of #12739 for adding `runsc kill --pgid xxx` support. ## Changes ## Adds a `--pgid` flag to `runsc kill` that sends a signal to all processes in a given process group (identified by PGID in the root PID namespace). This complements the existing `--pid` and `--all` flags. The signal is delivered through the existing `ContMgrSignal` `RPC` via a new `DeliverToProcessGroup` delivery mode, following the same `container -> sandbox -> loader` chain as the other signal modes. ## Testing ## `TestSignalProcessGroup` creates a 3-process container (`init -> child -> grandchild`) where the child calls `setpgid` to form a new process group shared with the grandchild. The test sends `SIGKILL` to that PGID and verifies: - Both child and grandchild are killed - Init (PGID 1) survives A new `task-tree-pgid` test app subcommand supports this by spawning a deterministic process tree with a distinct process group. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12905 from danielpfeifer02:dpfeifer/runsc-kill-pgid 7afe641 PiperOrigin-RevId: 897368159
Merged
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 13, 2026
Follow up PR of #12739 for adding `runsc kill --pgid xxx` support. ## Changes ## Adds a `--pgid` flag to `runsc kill` that sends a signal to all processes in a given process group (identified by PGID in the root PID namespace). This complements the existing `--pid` and `--all` flags. The signal is delivered through the existing `ContMgrSignal` `RPC` via a new `DeliverToProcessGroup` delivery mode, following the same `container -> sandbox -> loader` chain as the other signal modes. ## Testing ## `TestSignalProcessGroup` creates a 3-process container (`init -> child -> grandchild`) where the child calls `setpgid` to form a new process group shared with the grandchild. The test sends `SIGKILL` to that PGID and verifies: - Both child and grandchild are killed - Init (PGID 1) survives A new `task-tree-pgid` test app subcommand supports this by spawning a deterministic process tree with a distinct process group. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12905 from danielpfeifer02:dpfeifer/runsc-kill-pgid 7afe641 PiperOrigin-RevId: 897368159
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 13, 2026
Follow up PR of #12739 for adding `runsc kill --pgid xxx` support. ## Changes ## Adds a `--pgid` flag to `runsc kill` that sends a signal to all processes in a given process group (identified by PGID in the root PID namespace). This complements the existing `--pid` and `--all` flags. The signal is delivered through the existing `ContMgrSignal` `RPC` via a new `DeliverToProcessGroup` delivery mode, following the same `container -> sandbox -> loader` chain as the other signal modes. ## Testing ## `TestSignalProcessGroup` creates a 3-process container (`init -> child -> grandchild`) where the child calls `setpgid` to form a new process group shared with the grandchild. The test sends `SIGKILL` to that PGID and verifies: - Both child and grandchild are killed - Init (PGID 1) survives A new `task-tree-pgid` test app subcommand supports this by spawning a deterministic process tree with a distinct process group. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12905 from danielpfeifer02:dpfeifer/runsc-kill-pgid 7afe641 PiperOrigin-RevId: 897368159
copybara-service Bot
pushed a commit
that referenced
this pull request
Apr 13, 2026
Follow up PR of #12739 for adding `runsc kill --pgid xxx` support. ## Changes ## Adds a `--pgid` flag to `runsc kill` that sends a signal to all processes in a given process group (identified by PGID in the root PID namespace). This complements the existing `--pid` and `--all` flags. The signal is delivered through the existing `ContMgrSignal` `RPC` via a new `DeliverToProcessGroup` delivery mode, following the same `container -> sandbox -> loader` chain as the other signal modes. ## Testing ## `TestSignalProcessGroup` creates a 3-process container (`init -> child -> grandchild`) where the child calls `setpgid` to form a new process group shared with the grandchild. The test sends `SIGKILL` to that PGID and verifies: - Both child and grandchild are killed - Init (PGID 1) survives A new `task-tree-pgid` test app subcommand supports this by spawning a deterministic process tree with a distinct process group. FUTURE_COPYBARA_INTEGRATE_REVIEW=#12905 from danielpfeifer02:dpfeifer/runsc-kill-pgid 7afe641 PiperOrigin-RevId: 897368159
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add the process group ID (PGID) field to the Process struct and populate it using the existing kernel ProcessGroup API. The PGID is now displayed in a new JSON-full output of
runsc ps.The JSON-full output format is making fields like PGID, PPID, UID, and command name available to callers in a JSON format but keeping the original JSON format the same for backwards compatibility.
This enables container runtimes to discover process group IDs from outside the sandbox without needing to exec into the container, which is useful for sending signals to entire process groups via
runsc killwhen the container may be under memory pressure.I am planning to add a follow-up PR enabling the functionality of running
runsc kill --pgid xxx.