minimal subreaper init for containers
Minit acts as a init process for your application. It does:
- spawn a child process to run your application
- forward signals to child processes
- adopt orphaned processes
- reaps terminated child processes to prevent zombie processes
| Functionality | tini | minit |
|---|---|---|
| forward signals | ✅ | ✅ |
| adopt orphaned processes | ✅ | ✅ |
| reap zombie processes | ✅ | ✅ |
| wait for all processes | ❌ | ✅ |
Even if you start tini with the -s flag or the TINI_SUBREAPER environment
variable set, it won't wait for the all adopted child processes if the spawned
application exits. That means if your application A forks/spawns process B and
C, then exits before they finish, tini will also finish and still leave
process B and C as zombie processes behind.
Let's skip the lecture about not running daemons within containers, best practices of fork/wait pairing or even signaling child processes when the parent dies. At the end of the day, an application wants a clean exit. This includes its child processes. An abrupt termination of them can result in unwanted behaviour, such as state corruption or misleading status.
You can build the application using make minit. You can also build the sample
application using make sample, which simply forks a sleep system command and
exits, allowing a quick test.
The repository contains a developer container that is usable with the VSCode
[Remote - Containers][ms-vscode-remote.remote-containers] extension. Due to
this extension lack of support for buildkit, the container build must be done
through a task, which is also provided.
If you're on Linux and want to develop directly, then install:
- GNU Make
- GCC
- Linux headers
- libc-dev or equivalent package
- procps-dev or equivalent package
Release versions are built statically, which means you can use minit on a
scratch container. In fact the release container is based on scratch, with only
the binary. You can base off it, or just copy the binary from the image:
FROM minit:latest AS minit
FROM scratch
COPY --from=minit /usr/local/bin/minit /usr/local/bin/minit
# your awesome directives go here
ENTRYPOINT ["minit", "<your-app>"]
CMD ["minit", "<your-app>"]The binary is only tested for memory leaks, using valgrind. This is available as
the test target on the main Dockerfile, and can be executed using make test.
The final container image be tested for its structure using make image-test.
Prefix any executable with minit. It takes any arguments, which will all be
used as-is to execute from the spawned process. For instance, if you want to run
sleep 10 with minit, use:
minit sleep 10That's it.