Using chpst to block setpgrp?

[Ian Stokes-Rees <i.stokes-rees1@physics.ox.ac.uk>]

Hi,

I am pretty sure the answer to this question is "no way", but is there
any mechanism that can be used to block "setpgrp"?  I can't see that
there is.  Basically we are using runit to start arbitrary user
"processes" but we want to keep track of them.  If they "daemonize" or
change their process group they can get away from us.  The (quasi)
inverse of "chpst -P" would be nice.

This is all for a batch scheduler -- people can circumvent the system
through daemons and process groups so that their processes keep
executing beyond their allocated time either to get a bigger slice or
for more malicious reasons such as to snoop on the subsequent jobs which
run.

I suppose in any case there is nothing to stop a user from doing a
regular "fork and kill" which would immediately invalidate the PPID, but
I am less clear on what would happen to the PGID in this case.

We would like to have PGID fixed for all processes started by a single
user process so that we can "corral" them and then kill them all when
the original process exits/dies or the alotted time expires.

Cheers,

Ian
-- 
Ian Stokes-Rees                 i.stokes-rees@physics.ox.ac.uk
Particle Physics, Oxford        http://www-pnp.physics.ox.ac.uk/~stokes