How to kill all processes except PID 1

killprocess

I want to kill all processes on a system except for PID 1.

I am currently using pgrep -l . | awk "{if (\$1 != 1) print \$1}" | xargs -n 1 kill -s INT.

awk is used to exclude the process with PID 1

If I run the command on alpine linux (which uses sh), I get:

# pgrep -l . | awk "{if (\$1 != 1) print \$1}" | xargs -n 1 kill -s INT
kill: can't kill pid 265: No such process

I believe PID 256 is from awk.

Is there a clean way (using utilities that should be available across most linux systems) to kill all processes except for PID 1?

Best Answer

On Linux at least,

kill -- -1

Will send the SIGTERM signal to every process it can except for the calling process (so the process running that kill command which could be the shell if kill is built-in there (it usually is on POSIX shells) or the process running a standalone kill command) and the process of pid 1.

Note that it does it as part of the kill() system call, so it's more reliable than using commands like pkill or killall (or the traditional killall command sometimes found as killall5 on Linux traditionally used for that) that first list the processes and then kill them as those would miss the processes that have been spawned in the mean time.

So it sounds like exactly what you want.

trap '' TERM # ignore SIGTERM ourselves though it wouldn't be needed 
             # in most shells
kill -- -1
sleep 1 # leave processes some time to exit cleanly on SIGTERM
kill -s KILL -- -1 # removes the remaining processes or those 
                   # that have started since without giving them
                   # a chance to clean-up.
exit

Should kill everything but the process of id 1.

You can experiment with it by running:

unshare --mount-proc -mpf

That starts a shell in a separate pid and mount namespace (with a new /proc (as used by ps/pkill/killall)) where that shell has pid 1.

Outside of Linux, kill -- -1 should work on every system at killing most processes, but the list of processes that are exempt from the killing can vary from system to system.

Related Solutions

Shell – killing processes automatically

Of course the one liner you wrote won't work since the $1 is inside the quotes. Try this:

ps| gawk '{ if ($4 != "COMMAND" && $4 != "sh" && $4 != "ps") system("kill -KILL "$1) }'

Have fun but use it with caution. I generally don't like system commands in gawk, certainly not the "kill" command.

Linux – Differences between system processes, and user processes, kernel control paths and kernel thread

In the case of Linux, a task (kernel internal idea of a thread; threads can share resources, like memory and open files; some run only inside the kernel) can run in userland, or (it's thread of execution) can transfer into the kernel (and back) to execute a system call. A user thread can be highjacked temporarily to execute an interrupt (but that isn't really that thread running).

That a process is a "system process" or a regular user process is completely irrelevant in Unix, they are handled just the same. In Linux case, some tasks run in-kernel to handle miscellaneous jobs. They are kernel jobs, not "system processes" however.

One big caveat: Text books on complex software products (compilers and operating systems are particularly egregious examples) tend to explain simplistic algorithms (often ones that haven't been used in earnest for half a century), because real world machines and user requirements are much too complex to be handled in some way that can be described in a structured, simple way. Much of a compiler is ad-hoc tweaks (particularly in the area of code optimization, the transformations are mostly the subset of possibilities that show up in practical use). In the case of Linux, most of the code is device drivers (mentioned in passing as device-dependent in operating system texts), and of this code a hefty slice is handling misbehaving devices, which do not comply to their own specifications, or which behave differently between versions of "the same device". Often what is explained in minute detail is just the segment of the job that can be reduced to some nice theory, leaving the messy, irregular part (almost) completely out. For instance, Cris Fraser and David Hanson in their book describing the LCC compiler state that typical compiler texts contain mostly explanations on lexical analysis and parsing, and very little on code generation. Those tasks are some 5% of the code of their (engineered to be simple!) compiler, and had negligible error rate. The complex part of the compiler is just not covered in standard texts.

Best Answer

Related Solutions

Shell – killing processes automatically

Linux – Differences between system processes, and user processes, kernel control paths and kernel thread

Related Question