
"Peter Ross" <Petros.Listig@fdrive.com.au> writes:
Under FreeBSD I have a service in a jail and run
/etc/rc.d/jail stop <jailname>
It kills all processes in the jail using "jail -r".
While I find "cgcreate" and "cgexec" I cannot find the "destroyer" but I am sure there is one.
You might have better luck looking for "LXC" which uses cgroups and namespaces under the hood as its active ingredients, and provides a similar level of abstraction to openvz (or, I think, BSD gaols[0]).

There are two competing implementations I know about: one called "lxc" which is barebones CLI and a bit clunky, and a completely orthogonal implementation inside libvirt. That is, libvirtd can manage containers directly without the "lxc" userland package.

The libvirtd is almost certainly geared towards full-on lightweight VMs a la openvz, but with lxc you can (with some fiddling) e.g. run an app with the same filesystem namespace but separate networking and process namespaces.

Um, going from memory here, cgroups are just about grouping processes together, and placing resource constraints (e.g. "capped at 128MB RAM") on them. I guess that's a bit like ulimits, but more useful.

Namespaces are about hiding other procs/groups resources from sight. Similar to the -o hidepid=2 option for /proc mounts.

Anyway, lxc package has lxc-destroy(8) :-)

[0] sorry, I couldn't resist being a smart arse.