Created
August 31, 2022 02:01
-
-
Save darkrain42/02fa589002afa645912d8f8d87bf55f8 to your computer and use it in GitHub Desktop.
Workaround for running docker-pihole (w/ s6-overlay v3) on fly.io
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM pihole/pihole:latest | |
| # Run s6 in its own PID namespace so that it is PID 1, even when the | |
| # environment already has its own init process (fly.io has a non-optional | |
| # one), to avoid this error: | |
| # s6-overlay-suexec: fatal: can only run as pid 1 | |
| # | |
| # Un-ignore SIGINT and SIGTERM signals so that s6-init and all its child | |
| # processes don't default to ignoring those signals. A bug in the "unshare" | |
| # utility propagates ignoring these signals to the child process, which is | |
| # then inherited to the other children. This causes "service pihole-FTL | |
| # restart" to hang, because the bash "run" script ignores the SIGTERM. | |
| # | |
| # Fixed in util-linux 2.38 and above | |
| # (https://github.com/util-linux/util-linux/pull/1560). | |
| # | |
| # You don't want to do this unless there's already an init, because if | |
| # "unshare" is the actual PID 1: | |
| # % docker exec -it pihole ls | |
| # OCI runtime exec failed: exec failed: unable to start container process: error closing exec fds: open /proc/self/fd: no such file or directory: unknown | |
| # | |
| ENTRYPOINT [ \ | |
| "unshare", "--pid", "--fork", "--kill-child=SIGTERM", "--mount-proc", \ | |
| "perl", "-e", "$SIG{INT}=''; $SIG{TERM}=''; exec @ARGV;", "--", \ | |
| "/s6-init" ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment