How to kill/stop an LXD container when machine under attack + all LXD commands return context deadline exceeded

Title says it all.

Maybe kill /sbin/init in the container.

Someone let me know if killing /sbin/init is acceptable or if this will create other problems.


Hi @davidfavor,
The graceful method to use is lxc stop <vm_name> --force. You can kill the process as well, which you can find with ps -ef | grep -i <container_name>; the process name begins with “lxc monitor”. Kill the process like this:
sudo kill -9 <pid>

This won’t work.

All lxc commands return context deadline exceeded, so no form of lxc stop works, either with --timeout or --force.

I’ll try the monitor kill.

Killing the monitor process isn’t reliable, as sometimes it works + sometimes /sbin/init refuses to die, so all container processes continue running.

Killing /sbin/init seems to do the job… instantly… 100% of the time…
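
Added example, not part of any post in this thread: a shell helper that finds a container's init PID on the host from ps output alone, for the case described above where every lxc command times out. The layout of the monitor's command line (last field is the container name), init being the monitor's only direct child, and the sample process table are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Resolves a container init PID from
# `ps -eo pid,ppid,args` output without calling the lxc client.

# Constructed sample process table (PIDs and paths are made up).
SAMPLE_PS='  PID  PPID COMMAND
    1     0 /sbin/init
 2100     1 [lxc monitor] /var/snap/lxd/common/lxd/containers web
 2111  2100 /sbin/init
 2300  2111 /usr/sbin/sshd -D
 3100     1 [lxc monitor] /var/snap/lxd/common/lxd/containers web2
 3111  3100 /sbin/init'

# container_init_pid NAME: reads ps output on stdin, prints the init PID.
# Assumptions: the monitor command line starts with "[lxc monitor]" and ends
# with the container name, and the container init is its only direct child.
container_init_pid() {
    awk -v name="$1" '
        NR == 1 { next }                      # skip the ps header row
        { pid[NR] = $1; ppid[NR] = $2 }
        # Exact match on the last field, so "web" never matches "web2".
        $3 == "[lxc" && $4 == "monitor]" && $NF == name { mon = $1; hits++ }
        END {
            if (hits != 1) exit 1             # no monitor, or ambiguous
            for (i in pid) if (ppid[i] == mon) { child = pid[i]; n++ }
            if (n != 1) exit 1                # expect exactly one direct child
            print child
        }'
}

# With a container name as the only argument, read the live process table.
if [ "$#" -eq 1 ]; then
    ps -eo pid,ppid,args | container_init_pid "$1"
fi
```

The function exits non-zero and prints nothing when the monitor is missing or the match is ambiguous, so a wrong PID is never handed to kill. When the init process of a PID namespace dies, the kernel sends SIGKILL to every other process in that namespace, which is why the whole container stops at once.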

Well, I’m glad you succeeded. :+1:

Killing /sbin/init seems like an odd solution, especially on the host (doesn’t this take everything down?). This Stack Overflow answer suggests it’s not even possible (my Ubuntu laptop won’t let me do it).

Whoops, I misread, you did it inside a container (though I’m still not sure how this helped, as if I do this on Alpine it keeps running).

Still, “Under attack” isn’t particularly clear about what attack you were suffering from, but firewall rules on your edge (if it’s 1 or 2 IPs) or fail2ban were probably a better solution.

I’m pretty curious what happened here. Are you publishing a write-up anywhere?