Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
runtime: use tgkill instead of tkill #27548
This has been proposed previously (#24924), but was closed because Android allows tkill.
However, generally tgkill allows creation of a stricter sandbox (note that tkill is only used in runtime.raise to send a signal to the current thread).
With kill and tgkill, the sandbox policy (e.g., seccomp) can prevent the program from sending signals to other processes by checking that the first argument == getpid().
With tkill, the policy must whitelist all tids in the process, which is effectively impossible given Go's dynamic thread creation.
Specifically, this applies to the gVisor project, where we do not allow tkill in our seccomp policy. At the moment, we attempt to emulate the standard Go runtime signal behavior. This works, but I don't see any downsides to using tgkill in raise, and other sandboxed Go programs could benefit, hence this feature request.