Commit a637c8f5 authored by Profpatsch

containers/helpers: add tini init process to Entrypoints

Docker runs its entrypoint as PID 1. Linux assumes PID 1 is an init process,
which is required to manage a few extra tasks as compared to “normal” processes.
`tini` is a minimal C tool that manages these tasks and then `execve`s into the
real executable. See the linked articles in the comments for further info.
parent 8a0406e2
...@@ -11,6 +11,12 @@ ...@@ -11,6 +11,12 @@
, description , description
# like runAsRoot, but the base setup is already done # like runAsRoot, but the base setup is already done
, rootSetupScript , rootSetupScript
# Add an init process as entry point that reaps zombie processes.
# See https://github.com/krallin/tini
# and https://github.com/docker-library/official-images#init
# Note that `docker run` can do that via `--init`, but that
# is given at deploy time and therefore easy to forget.
, initProcess ? [ "${pkgs.tini}/bin/tini" "--" ]
}: }:
let let
...@@ -30,9 +36,14 @@ let ...@@ -30,9 +36,14 @@ let
}; };
image = pkgs.dockerTools.buildImage { image = pkgs.dockerTools.buildImage {
inherit name tag config; inherit name tag;
fromImage = baseImage; fromImage = baseImage;
config = config // {
# initProcess is always prepended to the given entrypoint
Entrypoint = initProcess ++ config.Entrypoint or [];
};
# TODO: read-only container option # TODO: read-only container option
# TODO: make most setup work completely declarative # TODO: make most setup work completely declarative
runAsRoot = '' runAsRoot = ''
......
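Review bot: In `Entrypoint = initProcess ++ config.Entrypoint or [];` the fallback to `[]` means an image whose `config` sets neither `Entrypoint` nor `Cmd` is built with tini as the whole entrypoint and no program for it to exec, which only shows up when the container is started. Consider an `assert` at build time that at least one of `config.Entrypoint` or `config.Cmd` is present, and that `config.Entrypoint`, when given, is a list, because a string value fails in `++` with a type error that does not point at the caller. The expression parses as intended because `or` binds tighter than `++`, but writing `initProcess ++ (config.Entrypoint or [ ])` makes that obvious to the next reader.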