Commit a637c8f5 authored by Profpatsch's avatar Profpatsch

containers/helpers: add tini init process to Entrypoints

Docker runs its entrypoint as PID 1. Linux assumes PID 1 is an init process,
which is required to manage a few extra tasks as compared to “normal” processes.
`tini` is a minimal C tool that manages these tasks and then `execve`s into the
real executable. See the linked articles in the comments for further info.
parent 8a0406e2
......@@ -11,6 +11,12 @@
, description
# like runAsRoot, but the base setup is already done
, rootSetupScript
# Add an init process as entry point that reaps zombie processes.
# See https://github.com/krallin/tini
# and https://github.com/docker-library/official-images#init
# Note that `docker run` can do that via `--init`, but that
# is given at deploy time and therefore easy to forget.
, initProcess ? [ "${pkgs.tini}/bin/tini" "--" ]
}:
let
......@@ -30,9 +36,14 @@ let
};
image = pkgs.dockerTools.buildImage {
inherit name tag config;
inherit name tag;
fromImage = baseImage;
config = config // {
# initProcess is always prepended to the given entrypoint
Entrypoint = initProcess ++ config.Entrypoint or [];
};
# TODO: read-only container option
# TODO: make most setup work completely declarative
runAsRoot = ''
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment