From c7f260d8319d076ca2f4055beb59c74420713a34 Mon Sep 17 00:00:00 2001 From: "Hongli Lai (Phusion)" Date: Tue, 12 Nov 2013 23:01:37 +0100 Subject: [PATCH] Document the consequences of letting processes be killed with SIGKILL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aa6e3a3..8abf1c3 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Why use baseimage-docker instead of doing everything yourself in Dockerfile? | Component | Why is it included? / Remarks | | ---------------- | ------------------- | | Ubuntu 12.04 LTS | The base system. | -| A **correct** init process | According to the Unix process model, [the init process](https://en.wikipedia.org/wiki/Init) -- PID 1 -- inherits all [orphaned child processes](https://en.wikipedia.org/wiki/Orphan_process) and must [reap them](https://en.wikipedia.org/wiki/Wait_(system_call). Most Docker containers do not have an init process that does this correctly, and as a result their containers become filled with [zombie processes](https://en.wikipedia.org/wiki/Zombie_process) over time.

Furthermore, `docker stop` sends SIGTERM to the init process, which is then supposed to stop all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead.

Baseimage-docker comes with an init process `/sbin/my_init` that performs both of these tasks correctly. | +| A **correct** init process | According to the Unix process model, [the init process](https://en.wikipedia.org/wiki/Init) -- PID 1 -- inherits all [orphaned child processes](https://en.wikipedia.org/wiki/Orphan_process) and must [reap them](https://en.wikipedia.org/wiki/Wait_(system_call). Most Docker containers do not have an init process that does this correctly, and as a result their containers become filled with [zombie processes](https://en.wikipedia.org/wiki/Zombie_process) over time.

Furthermore, `docker stop` sends SIGTERM to the init process, which is then supposed to stop all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead. This causes processes to be hard killed with SIGKILL, which doesn't give them a chance to correctly deinitialize things. This can cause file corruption.

Baseimage-docker comes with an init process `/sbin/my_init` that performs both of these tasks correctly. | | Fixes APT incompatibilities with Docker | See https://github.com/dotcloud/docker/issues/1024. | | syslog-ng | A syslog daemon is necessary so that many services - including the kernel itself - can correctly log to /var/log/syslog. If no syslog daemon is running, a lot of important messages are silently swallowed.

Only listens locally. | | ssh server | Allows you to easily login to your container to inspect or administer things.

Password and challenge-response authentication are disabled by default. Only key authentication is allowed.
It allows an predefined key by default to make debugging easy. You should replace this ASAP. See instructions. |