moby
diff --git a/‎Dockerfile‎
Lines changed: 10 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Dockerfile.aarch64‎
Lines changed: 10 additions & 0 deletions b/‎Dockerfile.aarch64‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Dockerfile.armhf‎
Lines changed: 10 additions & 0 deletions b/‎Dockerfile.armhf‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Dockerfile.ppc64le‎
Lines changed: 10 additions & 0 deletions b/‎Dockerfile.ppc64le‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Dockerfile.s390x‎
Lines changed: 10 additions & 0 deletions b/‎Dockerfile.s390x‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎Dockerfile.simple‎
Lines changed: 10 additions & 0 deletions b/‎Dockerfile.simple‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎api/types/container/host_config.go‎
Lines changed: 3 additions & 0 deletions b/‎api/types/container/host_config.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎daemon/config_unix.go‎
Lines changed: 2 additions & 0 deletions b/‎daemon/config_unix.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎daemon/oci_linux.go‎
Lines changed: 21 additions & 0 deletions b/‎daemon/oci_linux.go‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎docs/reference/commandline/dockerd.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/reference/commandline/dockerd.md‎
Lines changed: 2 additions & 0 deletions
@@ -255,6 +255,16 @@ RUN set -x \
 	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
 	&& rm -rf "$GOPATH"
 
+ENV GRIMES_COMMIT f207601a8d19a534cc90d9e26e037e9931ccb9db
+RUN set -x \
+    && export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/crosbymichael/grimes.git "$GOPATH/grimes" \
+	&& cd "$GOPATH/grimes" \
+	&& git checkout -q "$GRIMES_COMMIT" \
+	&& make \
+	&& cp init /usr/local/bin/docker-init \
+	&& rm -rf "$GOPATH"
+
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
 
 
@@ -198,6 +198,16 @@ RUN set -x \
 	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
 	&& rm -rf "$GOPATH"
 
+ENV GRIMES_COMMIT f207601a8d19a534cc90d9e26e037e9931ccb9db
+RUN set -x \
+    && export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/crosbymichael/grimes.git "$GOPATH/grimes" \
+	&& cd "$GOPATH/grimes" \
+	&& git checkout -q "$GRIMES_COMMIT" \
+	&& make \
+	&& cp init /usr/local/bin/docker-init \
+	&& rm -rf "$GOPATH"
+
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
 
 
@@ -196,6 +196,16 @@ RUN set -x \
 	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
 	&& rm -rf "$GOPATH"
 
+ENV GRIMES_COMMIT f207601a8d19a534cc90d9e26e037e9931ccb9db
+RUN set -x \
+    && export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/crosbymichael/grimes.git "$GOPATH/grimes" \
+	&& cd "$GOPATH/grimes" \
+	&& git checkout -q "$GRIMES_COMMIT" \
+	&& make \
+	&& cp init /usr/local/bin/docker-init \
+	&& rm -rf "$GOPATH"
+
 ENTRYPOINT ["hack/dind"]
 
 # Upload docker source
 
@@ -216,6 +216,16 @@ RUN set -x \
 	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
 	&& rm -rf "$GOPATH"
 
+ENV GRIMES_COMMIT f207601a8d19a534cc90d9e26e037e9931ccb9db
+RUN set -x \
+    && export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/crosbymichael/grimes.git "$GOPATH/grimes" \
+	&& cd "$GOPATH/grimes" \
+	&& git checkout -q "$GRIMES_COMMIT" \
+	&& make \
+	&& cp init /usr/local/bin/docker-init \
+	&& rm -rf "$GOPATH"
+
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
 
 
@@ -208,6 +208,16 @@ RUN set -x \
 	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
 	&& rm -rf "$GOPATH"
 
+ENV GRIMES_COMMIT f207601a8d19a534cc90d9e26e037e9931ccb9db
+RUN set -x \
+    && export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/crosbymichael/grimes.git "$GOPATH/grimes" \
+	&& cd "$GOPATH/grimes" \
+	&& git checkout -q "$GRIMES_COMMIT" \
+	&& make \
+	&& cp init /usr/local/bin/docker-init \
+	&& rm -rf "$GOPATH"
+
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
 
 
@@ -80,6 +80,16 @@ RUN set -x \
 	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
 	&& rm -rf "$GOPATH"
 
+ENV GRIMES_COMMIT f207601a8d19a534cc90d9e26e037e9931ccb9db
+RUN set -x \
+    && export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/crosbymichael/grimes.git "$GOPATH/grimes" \
+	&& cd "$GOPATH/grimes" \
+	&& git checkout -q "$GRIMES_COMMIT" \
+	&& make \
+	&& cp init /usr/local/bin/docker-init \
+	&& rm -rf "$GOPATH"
+
 ENV AUTO_GOPATH 1
 WORKDIR /usr/src/docker
 COPY . /usr/src/docker
@@ -321,6 +321,9 @@ type HostConfig struct {
 
 	// Mounts specs used by the container
 	Mounts []mount.Mount `json:",omitempty"`
+
+	// Run a custom init inside the container, if null, use the daemon's configured settings
+	Init *bool `json:",om        itempty"`
 }
 
 // Box specifies height and width dimensions. Used for sizing of a console.
 
@@ -35,6 +35,7 @@ type Config struct {
 	Runtimes             map[string]types.Runtime `json:"runtimes,omitempty"`
 	DefaultRuntime       string                   `json:"default-runtime,omitempty"`
 	OOMScoreAdjust       int                      `json:"oom-score-adjust,omitempty"`
+	Init                 bool                     `json:"init,omitempty"`
 }
 
 // bridgeConfig stores all the bridge driver specific
@@ -91,6 +92,7 @@ func (config *Config) InstallFlags(flags *pflag.FlagSet) {
 	flags.Var(runconfigopts.NewNamedRuntimeOpt("runtimes", &config.Runtimes, stockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")
 	flags.StringVar(&config.DefaultRuntime, "default-runtime", stockRuntimeName, "Default OCI runtime for containers")
 	flags.IntVar(&config.OOMScoreAdjust, "oom-score-adjust", -500, "Set the oom_score_adj for the daemon")
+	flags.BoolVar(&config.Init, "init", false, "Run an init in the container to forward signals and reap processes")
 
 	config.attachExperimentalFlags(flags)
 }
 
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"sort"
 	"strconv"
@@ -585,6 +586,26 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
 		cwd = "/"
 	}
 	s.Process.Args = append([]string{c.Path}, c.Args...)
+
+	// only add the custom init if it is specified and the container is running in its
+	// own private pid namespace.  It does not make sense to add if it is running in the
+	// host namespace or another container's pid namespace where we already have an init
+	if c.HostConfig.PidMode.IsPrivate() {
+		if (c.HostConfig.Init != nil && *c.HostConfig.Init) ||
+			(c.HostConfig.Init == nil && daemon.configStore.Init) {
+			s.Process.Args = append([]string{"/dev/init", c.Path}, c.Args...)
+			path, err := exec.LookPath("docker-init")
+			if err != nil {
+				return err
+			}
+			s.Mounts = append(s.Mounts, specs.Mount{
+				Destination: "/dev/init",
+				Type:        "bind",
+				Source:      path,
+				Options:     []string{"bind", "ro"},
+			})
+		}
+	}
 	s.Process.Cwd = cwd
 	s.Process.Env = c.CreateDaemonEnvironment(linkedEnv)
 	s.Process.Terminal = c.Config.Tty
 
@@ -48,6 +48,7 @@ Options:
       -H, --host=[]                          Daemon socket(s) to connect to
       --help                                 Print usage
       --icc=true                             Enable inter-container communication
+      --init                                 Run an init inside containers to forward signals and reap processes
       --insecure-registry=[]                 Enable insecure registry communication
       --ip=0.0.0.0                           Default IP when binding container ports
       --ip-forward=true                      Enable net.ipv4.ip_forward
@@ -1140,6 +1141,7 @@ This is a full example of the allowed configuration options on Linux:
 	"group": "",
 	"cgroup-parent": "",
 	"default-ulimits": {},
+	"init": false,
 	"ipv6": false,
 	"iptables": false,
 	"ip-forward": false,
Original file line number	Diff line number	Diff line change
`@@ -321,6 +321,9 @@ type HostConfig struct {`
`321`	`321`
`322`	`322`	`// Mounts specs used by the container`
`323`	`323`	Mounts []mount.Mount `json:",omitempty"`
	`324`	`+`
	`325`	`+ // Run a custom init inside the container, if null, use the daemon's configured settings`
	`326`	+ Init *bool `json:",om itempty"`
`324`	`327`	`}`
`325`	`328`
`326`	`329`	`// Box specifies height and width dimensions. Used for sizing of a console.`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ type Config struct {`
`35`	`35`	Runtimes map[string]types.Runtime `json:"runtimes,omitempty"`
`36`	`36`	DefaultRuntime string `json:"default-runtime,omitempty"`
`37`	`37`	OOMScoreAdjust int `json:"oom-score-adjust,omitempty"`
	`38`	+ Init bool `json:"init,omitempty"`
`38`	`39`	`}`
`39`	`40`
`40`	`41`	`// bridgeConfig stores all the bridge driver specific`
`@@ -91,6 +92,7 @@ func (config Config) InstallFlags(flags pflag.FlagSet) {`
`91`	`92`	`flags.Var(runconfigopts.NewNamedRuntimeOpt("runtimes", &config.Runtimes, stockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")`
`92`	`93`	`flags.StringVar(&config.DefaultRuntime, "default-runtime", stockRuntimeName, "Default OCI runtime for containers")`
`93`	`94`	`flags.IntVar(&config.OOMScoreAdjust, "oom-score-adjust", -500, "Set the oom_score_adj for the daemon")`
	`95`	`+ flags.BoolVar(&config.Init, "init", false, "Run an init in the container to forward signals and reap processes")`
`94`	`96`
`95`	`97`	`config.attachExperimentalFlags(flags)`
`96`	`98`	`}`