by thayne 988 days ago
Cgroups have several problems

1. It is relatively complicated to use, and even harder to use properly. From what I understand, to reliably kill all processes you need to freeze the cgroup, then list the pids in it, then send a signal to each of those pids, which is pretty involved, requires a separate supervisor process, and isn't 100% reliable in cgroup v1.

2. It requires root, or at least having control of a cgroup delegated to the process. You might be able to use user namespaces, depending on the distro and kernel, but that makes the implementation even more complicated.

3. It is possible to escape the cgroup, if the child process has permission to write to the task file of another cgroup.

Cgroups are useful, and can be used for this use case in some common scenarios, such as Docker and systemd.

But as a general tool for structured concurrency that normal processes can use, it doesn't quite fit the bill.
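
The freeze, list, signal sequence from point 1 of the comment above, as an added example that is not part of the original comment. It assumes a cgroup v2 leaf directory (`cgroup.freeze`, `cgroup.events`, `cgroup.procs`) that the caller may write to; `signal_cgroup`, `send` and `timeout` are hypothetical names chosen for this sketch.

```python
import os
import signal
import time
from pathlib import Path


def _is_frozen(cg: Path) -> bool:
    # cgroup.events holds "key value" lines; "frozen 1" means every task has stopped.
    for line in (cg / "cgroup.events").read_text().splitlines():
        key, _, value = line.partition(" ")
        if key == "frozen":
            return value.strip() == "1"
    return False


def signal_cgroup(cgroup_dir, sig=signal.SIGKILL, send=os.kill, timeout=5.0):
    """Freeze a leaf cgroup v2 directory, signal each member, then thaw.

    Returns the PIDs that were signalled. `send` is injectable so the logic
    can be exercised without root (an assumption made for this example).
    """
    cg = Path(cgroup_dir)
    freeze = cg / "cgroup.freeze"
    freeze.write_text("1")            # stop members from forking while we enumerate
    signalled = []
    try:
        deadline = time.monotonic() + timeout
        while not _is_frozen(cg):     # freezing is asynchronous, so wait for it
            if time.monotonic() > deadline:
                raise TimeoutError(f"{cg} did not freeze within {timeout}s")
            time.sleep(0.01)
        for pid in map(int, (cg / "cgroup.procs").read_text().split()):
            try:
                send(pid, sig)
                signalled.append(pid)
            except ProcessLookupError:
                pass                  # process exited before we reached it
    finally:
        freeze.write_text("0")        # always thaw, so pending signals are delivered
    return signalled
```

`cgroup.procs` lists only the processes directly in that cgroup, so a supervisor with nested cgroups has to repeat this for each descendant.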