Userland: Invent a method to clean up system resources for containers that stopped running

[supercomputer7]

This issue is intended to be a place to discuss what's the best approach on this matter.

As it is right now, if we run a program with runc, and that program exits, then we have a dangling VFS root context (or other resources that might not be cleaned up automatically) that nobody uses anymore, but nothing is responsible to clean it up in such case.

The solutions I have in my mind:

• Let the exiting program to do this job. Only works if it's not jailed though, because when a process is jailed it can't do this kind of job.
• Add a mechanism in runc to wait for the containerized program to exit and clean the resources afterwards. This will require using runc as a daemon (or even adding something like containerd?). The running container should be invoked separately, maybe with #24764 being in, we could do the jailing part in the new process and not in runc.
• Add a kernel mechanism to auto-clean resources if nothing uses them. Could be useful but should be a knob and not a requirement.

Maybe there are more options so feedback on this topic is appreciated :)

[VyankateshRohokale]

I guess we can add this method in it , it will be easy in my opinion...maybeee