by kjetijor 3211 days ago
No mention of Linux's pid_namespaces documentation?

> Only signals for which the "init" process has established a signal handler can be sent to the "init" process by other members of the PID namespace. This restriction applies even to privileged processes, and prevents other members of the PID namespace from accidentally killing the "init" process.

> Likewise, a process in an ancestor namespace can—subject to the usual permission checks described in kill(2)—send signals to the "init" process of a child PID namespace only if the "init" process has established a handler for that signal.

2 comments

Yep, I wrote a container system similar to Docker (also in Perl) and had to make sure I had signal handlers set up properly for PID 1 so that weird things didn't happen when it execs to another process or fails during that. Not too difficult to do, but if you're doing Docker then dumb-init is probably the better option than adding some boilerplate to everything you're going to make.

OP here - thanks for that! This blog post represents my slow realisation that PID 1 is even more special than I thought, and the fairly common pattern of running applications without an init system is quite broken.
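
A check for the restriction quoted at the top of the thread, as an added example that is not part of any comment: it parses the `SigCgt` and `SigIgn` masks from the text of a `/proc/<pid>/status` file and lists the termination signals for which the process has no handler, which are the ones that would not reach it as a namespace "init". The function names and both sample status texts are constructed for illustration.

```python
"""Report which signals a PID-namespace init has no handler for."""

# Signal numbers that are identical on every Linux architecture.
STOP_SIGNALS = {"SIGHUP": 1, "SIGINT": 2, "SIGQUIT": 3, "SIGTERM": 15}

# Constructed samples of the relevant /proc/<pid>/status lines.
# BARE_APP: an application running as PID 1 with no handlers installed.
BARE_APP = "Name:\tapp\nSigIgn:\t0000000000000000\nSigCgt:\t0000000000000000\n"
# WITH_INIT: an init that handles SIGHUP, SIGINT, SIGTERM and SIGCHLD.
WITH_INIT = "Name:\tinit\nSigIgn:\t0000000000000000\nSigCgt:\t0000000000014003\n"


def _mask(status_text, field):
    """Parse a hex signal mask such as 'SigCgt:\\t0000000000004003'."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == field:
            return int(value.strip(), 16)
    raise ValueError(f"{field} not found in status text")


def dispositions(status_text, signals=STOP_SIGNALS):
    """Map each signal name to 'handled', 'ignored' or 'default'."""
    caught = _mask(status_text, "SigCgt")
    ignored = _mask(status_text, "SigIgn")
    result = {}
    for name, number in signals.items():
        bit = 1 << (number - 1)  # bit 0 of the mask is signal 1
        if caught & bit:
            result[name] = "handled"
        elif ignored & bit:
            result[name] = "ignored"
        else:
            result[name] = "default"
    return result


def dropped_for_init(status_text, signals=STOP_SIGNALS):
    """Signals without a handler; per the quoted text these never reach init."""
    found = dispositions(status_text, signals)
    return sorted(name for name, state in found.items() if state != "handled")


if __name__ == "__main__":
    for label, text in (("bare app", BARE_APP), ("with init", WITH_INIT)):
        print(f"{label}: no handler for {dropped_for_init(text)}")
```

To check a real container, pass the contents of `/proc/1/status` read from inside it to `dropped_for_init`.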