runsc does not block SIGKILL to PID 1

Description

Linux appears to block the delivery of SIGKILL to PID 1, however runsc allows it to be delivered.

Steps to reproduce

Linux:

$ docker run --rm -it ubuntu
# kill -9 1   # does nothing

gVisor:

$ docker run --runtime=runsc --rm -it ubuntu
# kill -9 1    # container exits

runsc version

runsc version release-20250611.0
spec: 1.2.0

docker version (if using docker)

Client: Docker Engine - Community
 Version:           28.2.2
 API version:       1.50
 Go version:        go1.24.3
 Git commit:        e6534b4
 Built:             Fri May 30 12:07:27 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.2.2
  API version:      1.50 (minimum version 1.24)
  Go version:       go1.24.3
  Git commit:       45873be
  Built:            Fri May 30 12:07:27 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runsc:
  Version:          release-20250611.0
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

uname

Linux docker-02 6.8.0-1024-aws #26-Ubuntu SMP Tue Feb 18 17:22:37 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

kubectl (if using Kubernetes)

repo state (if built from source)

No response

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Description

Steps to reproduce

runsc version

docker version (if using docker)

uname

kubectl (if using Kubernetes)

repo state (if built from source)

runsc debug logs (if available)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Description

Description

Steps to reproduce

runsc version

docker version (if using docker)

uname

kubectl (if using Kubernetes)

repo state (if built from source)

runsc debug logs (if available)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions