ping @dmcgowan @crosbymichael PTAL (also the discussion on containerd/containerd#3149)

I think we may not wait containerd/containerd#3149 , because it is used to fix who use libcontainerd by themselves, of course include docker.
If there were no two containers using the same cgroup path in docker, I think this PR in Moby can move on if there were no other impact, because it can fix such cases forever.
And the PR containerd/containerd#3149 will not be able to impact this PR no matter whether 3149 be merged in contaierd or not.
And I also agree with we should have a full discussion.

If someone worry about this patch. I think we can use containerd.WithProcessKill by passing some flags as follows:
docker kill -a ...: send signal to all processes inside the container
docker stop -a ...: stop by send signal to all processes inside the container
docker restart -a ...: restart by send signal to all processes inside the container
docker rm -a ...: rm a container by send signal to all processes inside the container
Just like ctr t kill -a ...

And don't make containerd shim service stuck at any time. Please see containerd/containerd#3168

Can you explain, is this still needed now that we've bumped to containerd 1.2.7?

Also, can we add a test case for shared pid ns?

@lifubang need rebase

@lifubang Are you still working on this?　Is this still needed

I think this can be closed as there have been a few patches in containerd regarding this issue.
If i'm mistaken, please let me know.

Thanks!