Reap random zombies

[kasbert]

If monit is used as init process in docker, it does not reap extra zombie processes created by services. It would be nice, if it did so.

Example Dockerfile:

FROM ubuntu:22.04
RUN \
 apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends monit && \
 apt clean
RUN \
 printf '#!/bin/bash\nnohup date&' > /necromancer && \
 chmod 755 /necromancer && \
 printf 'check process hello matching nothing start "/necromancer"' > /etc/monit/conf-enabled/hello
ENTRYPOINT ["monit"]
CMD ["-I", "-B", "-v" , "-d", "10"]

Build and run:

docker build -t monit-test .
docker run --rm -d --name test monit-test

The zombie processes start invading the container:

docker exec -it test ps -ef

UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  1 06:21 ?        00:00:06 monit -I -B -v -d 10
root           8       1  0 06:21 ?        00:00:00 [date] <defunct>
root          16       1  0 06:21 ?        00:00:00 [date] <defunct>
root          18       1  0 06:22 ?        00:00:00 [date] <defunct>
root          20       1  0 06:23 ?        00:00:00 [date] <defunct>
root          22       1  0 06:23 ?        00:00:00 [date] <defunct>
root          30       1  0 06:24 ?        00:00:00 [date] <defunct>
root          32       1  0 06:25 ?        00:00:00 [date] <defunct>
root          34       1  0 06:25 ?        00:00:00 [date] <defunct>
root          36       1  3 06:26 ?        00:00:00 [date] <defunct>
root          37       0  0 06:26 pts/0    00:00:00 ps -ef

[kasbert]

As a workaround I use tini as the entrypoint

FROM ubuntu:22.04
RUN \
 apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends monit tini && \
 apt clean
RUN \
 printf '#!/bin/bash\nnohup date&' > /necromancer && \
 chmod 755 /necromancer && \
 printf 'check process hello matching nothing start "/necromancer"' > /etc/monit/conf-enabled/hello
ENTRYPOINT ["tini"]
CMD ["-vv", "-g", "--", "monit", "-I", "-B", "-v" , "-d", "10"]