
Prevent children from persisting beyond the end of a process's lifetime


BYUHPC/contain


Contain

contain prevents a parent process from launching child (and grandchild, etc.) processes that persist beyond the end of its life. This can prevent processes from escaping via nohup, disown, etc., and is useful for managing programs like Matlab that launch unwanted daemons.

Example usage:

        bash -c 'sleep 1h & echo $! >      free.pid; disown'
contain bash -c 'sleep 1h & echo $! > contained.pid; disown'
ps -p `cat      free.pid` # still alive
ps -p `cat contained.pid` # dead, or not a sleep process
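
The manual `ps -p` check above can be scripted. This is an added example, not part of the contain repository: `classify_pid` tells "still the expected command" apart from "some other process" and "dead", and `escape_test` runs the disown test under an optional wrapper. It assumes Linux `/proc` and that the working directory is visible to the wrapped command; the function names and `child.pid` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the contain repository. Linux-only: reads /proc.

# classify_pid PIDFILE COMM: print the fate of the PID recorded in PIDFILE.
#   alive   - the PID exists and its command name is COMM (the child persisted)
#   other   - the PID exists but belongs to a different command
#   dead    - no such process, or only a zombie awaiting reaping
#   invalid - PIDFILE is missing or does not hold a number (returns 2)
classify_pid() {
    pid=$(cat "$1" 2>/dev/null) || pid=
    case $pid in ''|*[!0-9]*) echo invalid; return 2 ;; esac
    # The process may exit between checks, so a failed read means "dead".
    comm=$(cat "/proc/$pid/comm" 2>/dev/null) || { echo dead; return 0; }
    if grep -q '^State:[[:space:]]*Z' "/proc/$pid/status" 2>/dev/null; then
        echo dead
    elif [ "$comm" = "$2" ]; then
        echo alive
    else
        echo other
    fi
}

# escape_test DIR [WRAPPER...]: run the README's disown test inside DIR,
# optionally under WRAPPER (for example: contain), then classify the sleep.
# child.pid is a hypothetical file name; the 1 s settle time is an assumption.
# The wrapper's exit status is ignored; only the fate of the PID matters.
escape_test() {
    dir=$1; shift
    ( cd "$dir" || exit 2
      "$@" bash -c 'sleep 3600 & echo $! > child.pid; disown'
    ) >/dev/null 2>&1 || true
    sleep 1
    classify_pid "$dir/child.pid" sleep
}

# Usage:
#   escape_test "$(mktemp -d)"          # uncontained baseline: alive
#   escape_test "$(mktemp -d)" contain  # per the README: dead, or not a sleep
```

The uncontained baseline leaves its `sleep` running, so kill the PID in `child.pid` afterwards.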

Installation

Bash and a recent version of Apptainer are required to use contain.

Install with make install:

make install                     # install at /usr/bin/contain
make install DESTDIR=/mysoftware # install at /mysoftware/bin/contain

Security

contain makes escape by child processes difficult, but probably not impossible; at best, it is only as secure as Apptainer. Pull requests that improve containment are welcome.
