From d72deed554026586ad4185638bc869942722bdfd Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Mon, 27 Jun 2016 14:38:47 -0700
Subject: [PATCH] Add init process for zombie fighting

This adds a small C binary for fighting zombies.  It is mounted under
`/dev/init` and is prepended to the args specified by the user.  You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.

You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.

You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.

```c

int main(int argc, char ** argv) {
	pid_t pid = fork();
	if (pid == 0) {
		pid = fork();
		if (pid == 0) {
			exit(0);
		}
		sleep(3);
		exit(0);
	}
	printf("got pid %d and exited\n", pid);
	sleep(20);
}
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 docs/reference/commandline/dockerd.md | 2 ++
 man/dockerd.8.md                      | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md
index 3c393b004b..5fff237b1c 100644
--- a/docs/reference/commandline/dockerd.md
+++ b/docs/reference/commandline/dockerd.md
@@ -48,6 +48,7 @@ Options:
       -H, --host=[]                          Daemon socket(s) to connect to
       --help                                 Print usage
       --icc=true                             Enable inter-container communication
+      --init                                 Run an init inside containers to forward signals and reap processes
       --insecure-registry=[]                 Enable insecure registry communication
       --ip=0.0.0.0                           Default IP when binding container ports
       --ip-forward=true                      Enable net.ipv4.ip_forward
@@ -1140,6 +1141,7 @@ This is a full example of the allowed configuration options on Linux:
 	"group": "",
 	"cgroup-parent": "",
 	"default-ulimits": {},
+	"init": false,
 	"ipv6": false,
 	"iptables": false,
 	"ip-forward": false,
diff --git a/man/dockerd.8.md b/man/dockerd.8.md
index 06c3820027..a84cd76715 100644
--- a/man/dockerd.8.md
+++ b/man/dockerd.8.md
@@ -34,6 +34,7 @@ dockerd - Enable daemon mode
 [**-H**|**--host**[=*[]*]]
 [**--help**]
 [**--icc**[=*true*]]
+[**--init**[=*false*]]
 [**--insecure-registry**[=*[]*]]
 [**--ip**[=*0.0.0.0*]]
 [**--ip-forward**[=*true*]]
@@ -166,6 +167,9 @@ unix://[/path/to/socket] to use.
 **--icc**=*true*|*false*
   Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true.
 
+**--init**
+Run an init process inside containers for signal forwarding and process reaping.
+
 **--insecure-registry**=[]
   Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication.