diff --git a/.travis.yml b/.travis.yml
index 1c5e6d71..0c98a24a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,5 @@
 language: go
+sudo: required
 dist: bionic
 
 go:
diff --git a/pkg/invoke/os_unix.go b/pkg/invoke/os_unix.go
index 9bcfb455..d27076ac 100644
--- a/pkg/invoke/os_unix.go
+++ b/pkg/invoke/os_unix.go
@@ -16,5 +16,16 @@
 
 package invoke
 
+import (
+	"os"
+	"syscall"
+)
+
 // Valid file extensions for plugin executables.
 var ExecutableFileExtensions = []string{""}
+
+// SysProcAttribute holds optional, operating system-specific attributes.
+var SysProcAttribute = &syscall.SysProcAttr{
+	Setpgid: true,
+	Pgid:    os.Getpid(),
+}
diff --git a/pkg/invoke/os_windows.go b/pkg/invoke/os_windows.go
index 7665125b..21994743 100644
--- a/pkg/invoke/os_windows.go
+++ b/pkg/invoke/os_windows.go
@@ -14,5 +14,12 @@
 
 package invoke
 
+import (
+	"syscall"
+)
+
 // Valid file extensions for plugin executables.
 var ExecutableFileExtensions = []string{".exe", ""}
+
+// SysProcAttribute holds optional, operating system-specific attributes.
+var SysProcAttribute = &syscall.SysProcAttr{}
diff --git a/pkg/invoke/raw_exec.go b/pkg/invoke/raw_exec.go
index ad8498ba..2d62e01b 100644
--- a/pkg/invoke/raw_exec.go
+++ b/pkg/invoke/raw_exec.go
@@ -36,6 +36,10 @@ func (e *RawExec) ExecPlugin(ctx context.Context, pluginPath string, stdinData [
 	c.Stdin = bytes.NewBuffer(stdinData)
 	c.Stdout = stdout
 	c.Stderr = e.Stderr
+	// This attributes make sub process has group process id which is same as its parent process id,
+	// if we use this function in tree (libcni -> plugin -> plugin ... ), all sub processes generated
+	// from root process can be killed in tree recursively.
+	c.SysProcAttr = SysProcAttribute
 	if err := c.Run(); err != nil {
 		return nil, pluginErr(err, stdout.Bytes())
 	}
diff --git a/test.sh b/test.sh
index ba27e0be..4f07c0e4 100755
--- a/test.sh
+++ b/test.sh
@@ -6,7 +6,7 @@ cd "$(dirname $0)"
 
 echo -n "Running tests "
 function testrun {
-    bash -c "umask 0; PATH=$PATH go test $@"
+    sudo -E bash -c "umask 000; PATH=$PATH go test $@"
 }
 if [ ! -z "${COVERALLS:-""}" ]; then
     # coverage profile only works per-package