Christian Lehnert — Linux, Hacking & Faith

docker run --init - The Flag You Should Use on Every Container

Christian Lehnert, 2026-06-06, ~2 min read

When a container starts, the entrypoint runs as PID 1. PID 1 is
not a normal process. The Linux kernel gives it two specific
responsibilities that most application binaries are not designed to
handle.

The first is signal handling. PID 1 is the only process for which
the kernel does not apply the default signal actions. SIGTERM,
SIGINT, and SIGHUP are silently ignored unless the application
explicitly installs a handler for them. Most applications do not.
The visible symptom is that docker stop takes ten seconds before
Docker gives up and sends SIGKILL, because the running process
ignored a SIGTERM it did not know it was supposed to act on.

The second is zombie reaping. When a child process exits, its
parent must call wait() to clear the entry from the process
table. If the parent does not, the entry becomes a zombie. PID 1 is
the catch-all reaper: any process orphaned by its original parent
dying gets re-parented to PID 1, which is responsible for
collecting the exit status. An application that runs as PID 1 and
does not implement this catch-all behavior will accumulate zombies
indefinitely.

The fix is one flag.

docker run --init my-image

The --init flag tells Docker to inject a tiny init process
(tini by default) as PID 1. The application runs as PID 2 under
tini. tini handles the signal-forwarding and zombie-reaping
responsibilities that the application would have to handle if it
were PID 1 itself. SIGTERM reaches the application as a normal
signal. Orphaned children get reaped. docker stop completes in
the actual graceful-shutdown time of the application rather than
in the ten-second SIGKILL timeout.
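
To make the two PID 1 jobs concrete, here is a minimal init written for this note as an added example. It is not tini's source and not code from the original post; the names mini_init, forward and app_pid are hypothetical. It starts the application as a child, forwards SIGTERM, SIGINT and SIGHUP to it, and reaps every child that exits until the application itself is gone.

```c
/* Added example: a minimal init doing the two PID 1 jobs. Not tini's code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile pid_t app_pid = -1;   /* the application started by mini_init */

/* Job 1: pass the signal on to the application instead of dropping it. */
static void forward(int sig) {
    int saved = errno;                /* kill() must not disturb the main loop's errno */
    if (app_pid > 0) kill(app_pid, sig);
    errno = saved;
}

/* Run argv as a child, forward signals to it and reap every exiting child.
   Returns the application's exit code, or 128+signal if a signal killed it. */
int mini_init(char *const argv[]) {
    struct sigaction sa = {0};
    sa.sa_handler = forward;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTERM, &sa, NULL);
    sigaction(SIGINT, &sa, NULL);
    sigaction(SIGHUP, &sa, NULL);

    app_pid = fork();
    if (app_pid < 0) return 1;
    if (app_pid == 0) {
        execvp(argv[0], argv);        /* caught signals reset to default on exec */
        _exit(127);                   /* exec failed */
    }
    for (;;) {
        int status;
        /* Job 2: wait for ANY child, so orphans re-parented to PID 1 are reaped. */
        pid_t pid = waitpid(-1, &status, 0);
        if (pid < 0 && errno == EINTR) continue;   /* woken by a forwarded signal */
        if (pid < 0) return 1;
        if (pid != app_pid) continue;              /* reaped an orphan, keep going */
        return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
    }
}

int main(int argc, char **argv) {
    return argc > 1 ? mini_init(argv + 1) : 2;
}
```

Like tini, this returns as soon as the application exits; in a container that ends PID 1 and the kernel kills whatever is left in the namespace.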

In Compose:

services:
  myservice:
    image: my-image
    init: true

There are essentially no downsides. tini adds a few kilobytes to
the container's memory footprint. The init process consumes no CPU
when idle. The application sees a slightly different process tree,
which almost never matters in practice.

If you are running a container, you should be running it with
--init unless you have a specific reason not to. The flag should
have been the default in Docker since the day it shipped.
